9163f83fcf5eec7492ef3ed2caaf4db1aeed974b6cb2c31281bb1f8a4cfdde49 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9163f83fcf5eec7492ef3ed2caaf4db1aeed974b6cb2c31281bb1f8a4cfdde49
Size

26KB
Sample

221020-ynfk8acdf8
MD5

96259ec883ced90cff21ab5f830bf520
SHA1

818d21d10c3e00523215e743d1475191fdca0f48
SHA256

9163f83fcf5eec7492ef3ed2caaf4db1aeed974b6cb2c31281bb1f8a4cfdde49
SHA512

2e85da28723768eeb60b93c8baf0f37be7cde2c6bc6a85b4a2ed40a5844de7925eecb93c3c882d6eae97f490d7985bea459518aa54f54da70af04ac3cb213073
SSDEEP

384:6Nw/tOeWLvfHK1KGvHzmlhqUKRoTdWPVMFZZy2KnP7h+rHykzjsvoCkhT5EY7exq:/HWLfq1l6lhfOgWtoS/UWeQQb5OQoQ

Score

8^/10

Malware Config

Targets

- Target
  
  9163f83fcf5eec7492ef3ed2caaf4db1aeed974b6cb2c31281bb1f8a4cfdde49
- Size
  
  26KB
- MD5
  
  96259ec883ced90cff21ab5f830bf520
- SHA1
  
  818d21d10c3e00523215e743d1475191fdca0f48
- SHA256
  
  9163f83fcf5eec7492ef3ed2caaf4db1aeed974b6cb2c31281bb1f8a4cfdde49
- SHA512
  
  2e85da28723768eeb60b93c8baf0f37be7cde2c6bc6a85b4a2ed40a5844de7925eecb93c3c882d6eae97f490d7985bea459518aa54f54da70af04ac3cb213073
- SSDEEP
  
  384:6Nw/tOeWLvfHK1KGvHzmlhqUKRoTdWPVMFZZy2KnP7h+rHykzjsvoCkhT5EY7exq:/HWLfq1l6lhfOgWtoS/UWeQQb5OQoQ
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2