d8b694b6acb7d442a52f2c647f67a2d940dec668d1958669d177357d16ff811c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d8b694b6acb7d442a52f2c647f67a2d940dec668d1958669d177357d16ff811c
Size

26KB
Sample

221107-sk3cxsdbe6
MD5

09cd22cf0c406299c3db070825442eb8
SHA1

43453784a68343298feb73a31a2a0f3f4810aec8
SHA256

d8b694b6acb7d442a52f2c647f67a2d940dec668d1958669d177357d16ff811c
SHA512

dc5b81f3327d6ecd8833c92a6f6dc33a0c93b31683e916763f9e09f7620efce0fa7a6323afbf2bf4067aa7513790a76920ab89eef636a256104094f62dc4a2de
SSDEEP

384:NH6ytHhFwOqz28U400mUzrskVbIF+91QnDQnfSnOkwRijKMVsrzEUDSoaeIZ:Nayt3qyjpgoMoiOQqGY9VWzbGoaeI

Score

8^/10

Malware Config

Targets

- Target
  
  d8b694b6acb7d442a52f2c647f67a2d940dec668d1958669d177357d16ff811c
- Size
  
  26KB
- MD5
  
  09cd22cf0c406299c3db070825442eb8
- SHA1
  
  43453784a68343298feb73a31a2a0f3f4810aec8
- SHA256
  
  d8b694b6acb7d442a52f2c647f67a2d940dec668d1958669d177357d16ff811c
- SHA512
  
  dc5b81f3327d6ecd8833c92a6f6dc33a0c93b31683e916763f9e09f7620efce0fa7a6323afbf2bf4067aa7513790a76920ab89eef636a256104094f62dc4a2de
- SSDEEP
  
  384:NH6ytHhFwOqz28U400mUzrskVbIF+91QnDQnfSnOkwRijKMVsrzEUDSoaeIZ:Nayt3qyjpgoMoiOQqGY9VWzbGoaeI
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2