2efc59df28b9a5b83ae31b0e1c1ec30906f9e011915af898c0c2837a9921d2df | Triage

Sharing

General

Target

2efc59df28b9a5b83ae31b0e1c1ec30906f9e011915af898c0c2837a9921d2df
Size

201KB
Sample

220919-ce3hqsffcj
MD5

a2e2f76f5c3718fd05cba260b849560d
SHA1

bb06e88659e7ca9c9d649a6d282ea4c52a3369e5
SHA256

2efc59df28b9a5b83ae31b0e1c1ec30906f9e011915af898c0c2837a9921d2df
SHA512

d5b1b26bfb5b9ed46521fecb644f1683361156ff704c9470ca1f41c95c13e19cbf750ef869f84562257f75149036002c07c1e38e3b7d09040d20750440c7f056
SSDEEP

6144:9z+92mhAMJ/cPl3iqmcedgqFLBN1L91wG6YrCxjnjQlb:9K2mhAMJ/cPlKcedVz1EGzrCtjQlb

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2efc59df28b9a5b83ae31b0e1c1ec30906f9e011915af898c0c2837a9921d2df
- Size
  
  201KB
- MD5
  
  a2e2f76f5c3718fd05cba260b849560d
- SHA1
  
  bb06e88659e7ca9c9d649a6d282ea4c52a3369e5
- SHA256
  
  2efc59df28b9a5b83ae31b0e1c1ec30906f9e011915af898c0c2837a9921d2df
- SHA512
  
  d5b1b26bfb5b9ed46521fecb644f1683361156ff704c9470ca1f41c95c13e19cbf750ef869f84562257f75149036002c07c1e38e3b7d09040d20750440c7f056
- SSDEEP
  
  6144:9z+92mhAMJ/cPl3iqmcedgqFLBN1L91wG6YrCxjnjQlb:9K2mhAMJ/cPlKcedVz1EGzrCtjQlb
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2