588da1c4790d57614178a440430e0f0fc1b1437ea73053aff0df23622daa7a89 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

588da1c4790d57614178a440430e0f0fc1b1437ea73053aff0df23622daa7a89
Size

208KB
Sample

221106-3s7bysgcd9
MD5

05e207b1e5e75ed8da49695cead9036f
SHA1

5bd4262fc02d2676e214ba7b62ec8a1a26083ddd
SHA256

588da1c4790d57614178a440430e0f0fc1b1437ea73053aff0df23622daa7a89
SHA512

6a73e4995bc6a11555000e08af2913d102ae1b3510f0a4a8959fb2439683407ce4dcfdcd281e82f9c6d5250b9995b1b1b711d670e3c2e4bea9c864663ba00422
SSDEEP

3072:WQIURTXJwvhb6D1MDSMm6wxRrifCsDpdViFMCPIGgDdp+X2E/jBXfXp9+TFYq3h:WsIhbuyDzm6Q5ipsKGEdO2ElXv6JYch

Score

8^/10

Malware Config

Targets

- Target
  
  588da1c4790d57614178a440430e0f0fc1b1437ea73053aff0df23622daa7a89
- Size
  
  208KB
- MD5
  
  05e207b1e5e75ed8da49695cead9036f
- SHA1
  
  5bd4262fc02d2676e214ba7b62ec8a1a26083ddd
- SHA256
  
  588da1c4790d57614178a440430e0f0fc1b1437ea73053aff0df23622daa7a89
- SHA512
  
  6a73e4995bc6a11555000e08af2913d102ae1b3510f0a4a8959fb2439683407ce4dcfdcd281e82f9c6d5250b9995b1b1b711d670e3c2e4bea9c864663ba00422
- SSDEEP
  
  3072:WQIURTXJwvhb6D1MDSMm6wxRrifCsDpdViFMCPIGgDdp+X2E/jBXfXp9+TFYq3h:WsIhbuyDzm6Q5ipsKGEdO2ElXv6JYch
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2