9283ee25178e24cb15c76a111d084c3f1d1fb5710aaa1e2d72e014b5c1fb3f4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9283ee25178e24cb15c76a111d084c3f1d1fb5710aaa1e2d72e014b5c1fb3f4e
Size

39KB
Sample

220919-b7h45abcb3
MD5

05819f0afd29c2dc97e6964fa8f7f016
SHA1

80fb7b983a27ae48c413a49b041760ab38abb40c
SHA256

9283ee25178e24cb15c76a111d084c3f1d1fb5710aaa1e2d72e014b5c1fb3f4e
SHA512

b87d0f721feb9dd849e992b4e5d296fcb42dc29594b910bd15af6efe91573db2ce3f1edd23c63719466f4c191f2e9ae98129cccbff76d17fcddae4fd85523752
SSDEEP

768:ThfX7+/+aDLra5NRui7T9W/xDI4xlcovHyBQyHhwv+:Thf8+aDfaHRuw994xSov0QyHh8+

Score

8^/10

Malware Config

Targets

- Target
  
  9283ee25178e24cb15c76a111d084c3f1d1fb5710aaa1e2d72e014b5c1fb3f4e
- Size
  
  39KB
- MD5
  
  05819f0afd29c2dc97e6964fa8f7f016
- SHA1
  
  80fb7b983a27ae48c413a49b041760ab38abb40c
- SHA256
  
  9283ee25178e24cb15c76a111d084c3f1d1fb5710aaa1e2d72e014b5c1fb3f4e
- SHA512
  
  b87d0f721feb9dd849e992b4e5d296fcb42dc29594b910bd15af6efe91573db2ce3f1edd23c63719466f4c191f2e9ae98129cccbff76d17fcddae4fd85523752
- SSDEEP
  
  768:ThfX7+/+aDLra5NRui7T9W/xDI4xlcovHyBQyHhwv+:Thf8+aDfaHRuw994xSov0QyHh8+
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2