cd71732fc0073cf2dd0af243f6b10b3ec0d2cd19e9ba6b2e7e9b82d08f313a7d | Triage

Sharing

General

Target

80c4295d0116b0862ac0e56a8331be3c.exe
Size

837KB
Sample

221027-kap1vabec9
MD5

80c4295d0116b0862ac0e56a8331be3c
SHA1

f3186c21cf7f4fd73b455c83949b7bf05bd4cd17
SHA256

cd71732fc0073cf2dd0af243f6b10b3ec0d2cd19e9ba6b2e7e9b82d08f313a7d
SHA512

cdecee2d70d07c8f51231fd98b932eb8acac5ba8200802943aef36ff4c6e0e0d22934acaa102aa7fa4be66bd7444ecf07214a9399ae07b23a5881653b5aa0a08
SSDEEP

6144:XIRmE/X7jGO8QdFKNEvLtRr0NSYb4Tb7+6sh3ElQ+fu5mbw9H9TH2v4ZEOg3qRqe:knJTzdbath35584mOAqk3+o8O8oo

Score

8^/10

Malware Config

Targets

- Target
  
  80c4295d0116b0862ac0e56a8331be3c.exe
- Size
  
  837KB
- MD5
  
  80c4295d0116b0862ac0e56a8331be3c
- SHA1
  
  f3186c21cf7f4fd73b455c83949b7bf05bd4cd17
- SHA256
  
  cd71732fc0073cf2dd0af243f6b10b3ec0d2cd19e9ba6b2e7e9b82d08f313a7d
- SHA512
  
  cdecee2d70d07c8f51231fd98b932eb8acac5ba8200802943aef36ff4c6e0e0d22934acaa102aa7fa4be66bd7444ecf07214a9399ae07b23a5881653b5aa0a08
- SSDEEP
  
  6144:XIRmE/X7jGO8QdFKNEvLtRr0NSYb4Tb7+6sh3ElQ+fu5mbw9H9TH2v4ZEOg3qRqe:knJTzdbath35584mOAqk3+o8O8oo
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2