91af42153fd29d18e2983570aa5d627a7c7eef9c80c330a0acebb89fd6a2ba41 | Triage

Sharing

General

Target

91af42153fd29d18e2983570aa5d627a7c7eef9c80c330a0acebb89fd6a2ba41
Size

245KB
Sample

220920-yp8cmaecd3
MD5

5589c07b336229bd2dea6454fdd3b021
SHA1

cb9fa24d6b48cf65b221df6ffea609f7d5b2185a
SHA256

91af42153fd29d18e2983570aa5d627a7c7eef9c80c330a0acebb89fd6a2ba41
SHA512

dbef20203045272d658f7deb538a499a1d66d91ff249e3fca51c95fd910c96ade48df1ac9894252a40211ddf9ed0947c28e937add3306a715e03149c8c72a8c2
SSDEEP

384:lrILE1H+CHkFXP4WGzvsuj8Sf5dCuEMa/qunCmtJdh5R555Di:lIWeCHs6bdCjquRr5R555W

Score

8^/10

Malware Config

Targets

- Target
  
  91af42153fd29d18e2983570aa5d627a7c7eef9c80c330a0acebb89fd6a2ba41
- Size
  
  245KB
- MD5
  
  5589c07b336229bd2dea6454fdd3b021
- SHA1
  
  cb9fa24d6b48cf65b221df6ffea609f7d5b2185a
- SHA256
  
  91af42153fd29d18e2983570aa5d627a7c7eef9c80c330a0acebb89fd6a2ba41
- SHA512
  
  dbef20203045272d658f7deb538a499a1d66d91ff249e3fca51c95fd910c96ade48df1ac9894252a40211ddf9ed0947c28e937add3306a715e03149c8c72a8c2
- SSDEEP
  
  384:lrILE1H+CHkFXP4WGzvsuj8Sf5dCuEMa/qunCmtJdh5R555Di:lIWeCHs6bdCjquRr5R555W
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1