ff89109a10306c24c736850654b1ffb5fb58ceec5bc039ffbdfe2d7d96a6cd5d | Triage

Sharing

General

Target

sigma.zip
Size

2.7MB
Sample

241226-rpmycsxmft
MD5

30be448007554a942aa9cf016f0738f9
SHA1

7e8ae4d8a2b46e75ce1bd8bf71d66bcf71b664f7
SHA256

ff89109a10306c24c736850654b1ffb5fb58ceec5bc039ffbdfe2d7d96a6cd5d
SHA512

6fd51368deddc03b44cb8a2696964cb1bee2aceca7cf98f6f04cbc4e1c0cdbb792c59fa56ee84935fe58d44b0732c8f225a631aa58229b0a27fe51a61bcdedb4
SSDEEP

49152:bKsFItWN1aErl2gudvwgz9rCNCh+bKdqyV/gsyjQb3ZbHAb0qfFlGJKxIifFxsoG:bhFIt1kavwgz9r9AbwqyNryjybgb0qfy

Score

8^/10

Malware Config

Targets

- Target
  
  sigma/Bootstrapper.exe
- Size
  
  800KB
- MD5
  
  02c70d9d6696950c198db93b7f6a835e
- SHA1
  
  30231a467a49cc37768eea0f55f4bea1cbfb48e2
- SHA256
  
  8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
- SHA512
  
  431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
- SSDEEP
  
  12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  sigma/BootstrapperV2.05.exe
- Size
  
  2.8MB
- MD5
  
  241706a4b2aa26c47eb1dbadf12eba14
- SHA1
  
  e46f254c6c29bf9371f04b7a27fb1569a7dbba23
- SHA256
  
  11b86e51f1f67bc7d59a881aa9cbbb5519c118ea74291476ff61fb9ddbff454e
- SHA512
  
  2e876573e2f44491bfe0cc915910f66d030c5e013f36d72e460603480f292bf6f4c5625cebeba47a9ea4fc564e776c656f74c5d7032ea0340de3840db8fe49ea
- SSDEEP
  
  49152:klcyXfHnaBTof9ePCDkIAm13E6ClY11kqXfd+/9AB1Y3ha/ehH7pNLLYf:eZXfHaFoyIv2blY11kqXf0FZ3ha/e97j
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4