c91d31f2acd2a4749358a9749143f09576c2f3162c62f773dcb4a2cd841bb403 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c91d31f2acd2a4749358a9749143f09576c2f3162c62f773dcb4a2cd841bb403
Size

181KB
Sample

221026-3bz7bahhf3
MD5

bacec145e9d2df7ea5d954e06a9ac9f0
SHA1

d51904080f5c78d82f7899187dcc29614de6b56f
SHA256

c91d31f2acd2a4749358a9749143f09576c2f3162c62f773dcb4a2cd841bb403
SHA512

c45dede4589fc730f703f1ec79773dd98e70190e0c8e42decf558680ec1abb5b555612f37b245e3cb2b8a6068cd6fdfef9137bdf08145b389bd554802b1e5470
SSDEEP

3072:oU9NUisdPspohd5qfffVANIDYtuCBhezkH/43toUYNEI1lcOVVVVVVVVhVVVVVVS:p9NUisNbnqAc

Score

7^/10

Malware Config

Targets

- Target
  
  c91d31f2acd2a4749358a9749143f09576c2f3162c62f773dcb4a2cd841bb403
- Size
  
  181KB
- MD5
  
  bacec145e9d2df7ea5d954e06a9ac9f0
- SHA1
  
  d51904080f5c78d82f7899187dcc29614de6b56f
- SHA256
  
  c91d31f2acd2a4749358a9749143f09576c2f3162c62f773dcb4a2cd841bb403
- SHA512
  
  c45dede4589fc730f703f1ec79773dd98e70190e0c8e42decf558680ec1abb5b555612f37b245e3cb2b8a6068cd6fdfef9137bdf08145b389bd554802b1e5470
- SSDEEP
  
  3072:oU9NUisdPspohd5qfffVANIDYtuCBhezkH/43toUYNEI1lcOVVVVVVVVhVVVVVVS:p9NUisNbnqAc
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2