d24ba05eaaa3cbf9b9d1216c2ca721a974cb63d3f667b87742c2efaa77c190b2 | Triage

Sharing

General

Target

tmp
Size

4.6MB
Sample

221123-jdj4bsag4t
MD5

1596fe35ed70e111bdc2eb33fc6d1e2a
SHA1

5a4738176a3b8d0446f71487b40b8716bfc81d0a
SHA256

d24ba05eaaa3cbf9b9d1216c2ca721a974cb63d3f667b87742c2efaa77c190b2
SHA512

d73af05c907fd7382d1a207cbe7a6d7add3156e41404ab29393d1ed664c956759b3cfb8c1c0821d3f266227caed720fe719fb8197b4b20a7e7d90eca876a722a
SSDEEP

98304:QMDtIXLr06AdfEThF35Pzu+MDtIXLr06AdfEThF35PzuV0:ArmEdF3vrmEdF3y0

Score

8^/10

Malware Config

Targets

- Target
  
  tmp
- Size
  
  4.6MB
- MD5
  
  1596fe35ed70e111bdc2eb33fc6d1e2a
- SHA1
  
  5a4738176a3b8d0446f71487b40b8716bfc81d0a
- SHA256
  
  d24ba05eaaa3cbf9b9d1216c2ca721a974cb63d3f667b87742c2efaa77c190b2
- SHA512
  
  d73af05c907fd7382d1a207cbe7a6d7add3156e41404ab29393d1ed664c956759b3cfb8c1c0821d3f266227caed720fe719fb8197b4b20a7e7d90eca876a722a
- SSDEEP
  
  98304:QMDtIXLr06AdfEThF35Pzu+MDtIXLr06AdfEThF35PzuV0:ArmEdF3vrmEdF3y0
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2