4dfed4fe4bf83b2ef3c82c4468a3103953884257af9167f53be99dc5e3a66612 | Triage

Sharing

General

Target

N. 2022444___________________________________________________________________________________________png.zip
Size

7KB
Sample

220915-mqq9ysgecj
MD5

8f1eb5035eda4dc9af23e814cdb52358
SHA1

76180c9ad01269e7318d96de0f655a02bf607f96
SHA256

4dfed4fe4bf83b2ef3c82c4468a3103953884257af9167f53be99dc5e3a66612
SHA512

8007be5dcfe02ea0422dace46cfa5952963d8c64a74a2f098536a21557d648cb1272ae546f4f5c9dbaf727156b7a2bf4a3225367cac837b6899ae3fcc25c5229
SSDEEP

96:AoR/GYpdzB/A/QK6r2Ld6v8Eil/2VW0YpsAv3FQd+HX3lB2tm7OJWG+Qw:ActTK6rIdG8PsW0Ypr3Fqo3b2I78X+Qw

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  N. 2022444___________________________________________________________________________________________png.exe
- Size
  
  13KB
- MD5
  
  a143a737e50b83645893a06100e02717
- SHA1
  
  4114ad06b295a2072b9d9eb4b031e936907d3804
- SHA256
  
  f330c3c357dc7e56276e70699142c1af47ad144d299c160d79e8aaa3e4018aa6
- SHA512
  
  a92b59233c0bc4bf23da1b298194f8eb7f4087c0e1be965d6dc9d13835da0284a8d24632927bb622832c693c55b69702ca8a80c115ff5ac3b6af0c32217092ba
- SSDEEP
  
  192:al5JJd1BbfVTjgIVC7LAXM/cTRy+SNB09QWN6UrwLk+:A5JJd1ZfVTjgnLym+pt5sg
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2