beee0e048e15416c031529c276e5c88eaacae9e03884846b1678f407ef24c7e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beee0e048e15416c031529c276e5c88eaacae9e03884846b1678f407ef24c7e8
Size

237KB
Sample

221020-vcn7faecd7
MD5

9620571a3b803a1fdffe61ed43d83570
SHA1

c137219beb0d4c52a175ab30b4471e320c93cb75
SHA256

beee0e048e15416c031529c276e5c88eaacae9e03884846b1678f407ef24c7e8
SHA512

0305406a999465c77dcedd42cdd2f376dcdef53cab55368e4958f14ca393780261ee11c93207537f3a2fe003c9ba62762485b9912be81b8aa45c98e9eec3fbe1
SSDEEP

6144:zLTHQOrRezFWuRwIDnJs3klamIEihkt7SPsmmLZgN5Pzv+:zXwOrReFWQFjMmIbGVjJFgN5Pz2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  beee0e048e15416c031529c276e5c88eaacae9e03884846b1678f407ef24c7e8
- Size
  
  237KB
- MD5
  
  9620571a3b803a1fdffe61ed43d83570
- SHA1
  
  c137219beb0d4c52a175ab30b4471e320c93cb75
- SHA256
  
  beee0e048e15416c031529c276e5c88eaacae9e03884846b1678f407ef24c7e8
- SHA512
  
  0305406a999465c77dcedd42cdd2f376dcdef53cab55368e4958f14ca393780261ee11c93207537f3a2fe003c9ba62762485b9912be81b8aa45c98e9eec3fbe1
- SSDEEP
  
  6144:zLTHQOrRezFWuRwIDnJs3klamIEihkt7SPsmmLZgN5Pzv+:zXwOrReFWQFjMmIbGVjJFgN5Pz2
Score

8^/10

persistence
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2