e8037bf64e996ce4aa43229067eb29f96f7cc096e6047c994ea524e6f5200d0d | Triage

Sharing

General

Target

e8037bf64e996ce4aa43229067eb29f96f7cc096e6047c994ea524e6f5200d0d
Size

148KB
Sample

221123-p2jqcsfg81
MD5

7455434b82cd0f6f81a648af92b8b267
SHA1

ecf82e5c9c565338477a2fe2ef9bff4eb43aa759
SHA256

e8037bf64e996ce4aa43229067eb29f96f7cc096e6047c994ea524e6f5200d0d
SHA512

7ce6c2754089614793923304e65b181d97b0432c318af7610f0e139533612f9fdaebe32ce7191957b70e17e95c8694ed55b168b6e5f62a620aa77db48e214de2
SSDEEP

3072:BGOtAUhje2WRjYaP9LUirtYEhfLYQe9nxKnp84b7UNO:IuDsRjNP9JpYwLWlxKPb7g

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  e8037bf64e996ce4aa43229067eb29f96f7cc096e6047c994ea524e6f5200d0d
- Size
  
  148KB
- MD5
  
  7455434b82cd0f6f81a648af92b8b267
- SHA1
  
  ecf82e5c9c565338477a2fe2ef9bff4eb43aa759
- SHA256
  
  e8037bf64e996ce4aa43229067eb29f96f7cc096e6047c994ea524e6f5200d0d
- SHA512
  
  7ce6c2754089614793923304e65b181d97b0432c318af7610f0e139533612f9fdaebe32ce7191957b70e17e95c8694ed55b168b6e5f62a620aa77db48e214de2
- SSDEEP
  
  3072:BGOtAUhje2WRjYaP9LUirtYEhfLYQe9nxKnp84b7UNO:IuDsRjNP9JpYwLWlxKPb7g
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2