5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132 | Triage

Sharing

General

Target

5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132
Size

353KB
Sample

220725-xrrbfsbah8
MD5

11760101c2a5bda76688e8cfc93697d8
SHA1

23555e126c164e874b6fea7dade52d5df97a5fe1
SHA256

5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132
SHA512

5be75743b383b3eb9de3d5cd9959634bc4dbeaff41821ac12c249b7fc2bd6426b727a53c667a393c862620e770eb9e380169eabe6abee1a07f26d38c03f2ea0a

Score

8^/10

Malware Config

Targets

- Target
  
  5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132
- Size
  
  353KB
- MD5
  
  11760101c2a5bda76688e8cfc93697d8
- SHA1
  
  23555e126c164e874b6fea7dade52d5df97a5fe1
- SHA256
  
  5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132
- SHA512
  
  5be75743b383b3eb9de3d5cd9959634bc4dbeaff41821ac12c249b7fc2bd6426b727a53c667a393c862620e770eb9e380169eabe6abee1a07f26d38c03f2ea0a
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2