f215dc963cb6a3b587ce247e879de8c9178655edde5de4f6223b2c7d1f46f065 | Triage

Sharing

General

Target

f215dc963cb6a3b587ce247e879de8c9178655edde5de4f6223b2c7d1f46f065
Size

110KB
Sample

241121-ns6yvssejk
MD5

6886318251537429ea8a325981408b9e
SHA1

af07229aa7bb34f8d68644917cb7bf57204b1f26
SHA256

f215dc963cb6a3b587ce247e879de8c9178655edde5de4f6223b2c7d1f46f065
SHA512

d001bcfbaf062dbf8a2d39251c24ae00407997d8a248ad2ddfbd69e9ea30fb92194cd05506f013fa536bc5aeb743cf873fc6952008b9909d178322493ab73e0d
SSDEEP

1536:jPf9wIXONbslJy2e0xrT41xwMMxg/tqHHHsFTgkRJgI+oapbV8Xnb/t:jP1wIXO2uL04YIgHwTgkRJgp38XnJ

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  f215dc963cb6a3b587ce247e879de8c9178655edde5de4f6223b2c7d1f46f065
- Size
  
  110KB
- MD5
  
  6886318251537429ea8a325981408b9e
- SHA1
  
  af07229aa7bb34f8d68644917cb7bf57204b1f26
- SHA256
  
  f215dc963cb6a3b587ce247e879de8c9178655edde5de4f6223b2c7d1f46f065
- SHA512
  
  d001bcfbaf062dbf8a2d39251c24ae00407997d8a248ad2ddfbd69e9ea30fb92194cd05506f013fa536bc5aeb743cf873fc6952008b9909d178322493ab73e0d
- SSDEEP
  
  1536:jPf9wIXONbslJy2e0xrT41xwMMxg/tqHHHsFTgkRJgI+oapbV8Xnb/t:jP1wIXO2uL04YIgHwTgkRJgp38XnJ
Score

8^/10

discovery
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2