f02fb0cdfc19ea14cecf93e5ff44300c2994a6ddd717c2cd1ba4706fb51dfbf8 | Triage

Resubmissions

21/09/2022, 20:28

220921-y86yxahad6 7

21/09/2022, 20:17

220921-y2ynyshac7 7

Sharing

Copy URL Twitter E-mail

General

Target

file.7z.zip
Size

786KB
Sample

220921-y2ynyshac7
MD5

572683e99521a90a21e72de893f7d407
SHA1

2276964af35e9287e927b0a5e56d36ef69365762
SHA256

f02fb0cdfc19ea14cecf93e5ff44300c2994a6ddd717c2cd1ba4706fb51dfbf8
SHA512

a8d81c460eca8a4c54ae7ba1c039ab2a569b39b365e238efe88b99a0a943b89079631b8e403356cbc81cc1e42ed751bd3bfe9f1f83aeaa87cb7b1888dca68df8
SSDEEP

24576:QAOO4O1gh1e3l6TZYKQeWIB/KfgJOjftErqCh:QAGbwQbZWIBSfnfirqY

Score

7^/10

Malware Config

Targets

- Target
  
  Power Tech PO-594 160922.exe
- Size
  
  1.3MB
- MD5
  
  0f06d106283ee5c591b043c11505d696
- SHA1
  
  9d64d8bfeee79d90c316e96628671fd829d68c46
- SHA256
  
  3dbcb27a7f441b6f3d6e47d9ae69c69a1af582b3e5c0dce44642e5d0ad0cf566
- SHA512
  
  f6b1741aa65ff36b593dee19d303e3ba09cd8cfeda3118d368934375d007dc542642bac9d040455e26f2dcb26c6dacfeb82ce1f462fbea945424ae4b99c086d2
- SSDEEP
  
  24576:Eoq1QPHwyyYiQdVFoTrYKui5LspjQ78peNcdNX91q:rSsQyiQdrovpkQ784Q9e
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2