8405b256217fd50982c33cc6be8b239c1f74b50f5b575f40082a8fac3c3a6388 | Triage

Sharing

General

Target

8405b256217fd50982c33cc6be8b239c1f74b50f5b575f40082a8fac3c3a6388
Size

207KB
Sample

221011-fdvchsehh6
MD5

69fce06e2bcd6be56fa9456abb53c450
SHA1

6cc1d500439af463b6035332824cd8cea15e7176
SHA256

8405b256217fd50982c33cc6be8b239c1f74b50f5b575f40082a8fac3c3a6388
SHA512

faac94715e63d162e9e567e23cc98030264e86723667f3a7d0122e920503e82e6e9af79f40cd04202cc566396c4cd5379edaa946a1fb5a83ea13f0a3e5953256
SSDEEP

6144:Jz+92mhAMJ/cPl3iwESGwupSPWEteMdR3KPyGmp9k0FJ:JK2mhAMJ/cPl+SGREWEyyDNJ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8405b256217fd50982c33cc6be8b239c1f74b50f5b575f40082a8fac3c3a6388
- Size
  
  207KB
- MD5
  
  69fce06e2bcd6be56fa9456abb53c450
- SHA1
  
  6cc1d500439af463b6035332824cd8cea15e7176
- SHA256
  
  8405b256217fd50982c33cc6be8b239c1f74b50f5b575f40082a8fac3c3a6388
- SHA512
  
  faac94715e63d162e9e567e23cc98030264e86723667f3a7d0122e920503e82e6e9af79f40cd04202cc566396c4cd5379edaa946a1fb5a83ea13f0a3e5953256
- SSDEEP
  
  6144:Jz+92mhAMJ/cPl3iwESGwupSPWEteMdR3KPyGmp9k0FJ:JK2mhAMJ/cPl+SGREWEyyDNJ
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2