3123f81dacea1173ae18aa0944df82d57f2465ba148216793f04ecee476304e6 | Triage

Sharing

General

Target

3123f81dacea1173ae18aa0944df82d57f2465ba148216793f04ecee476304e6
Size

110KB
Sample

221123-r1mrqsch9y
MD5

4097cecc9d744ab90952f06201687fec
SHA1

acd495700fe471ff920cfef79d60a690d472cebb
SHA256

3123f81dacea1173ae18aa0944df82d57f2465ba148216793f04ecee476304e6
SHA512

4375a51837ce76cd7f474386728e126842d3212b1f21a988f49e8f5a76ecf66e4af5a86042638f1a1a004f424c6c099c74f0e0d1c65e4015760a2eff421af329
SSDEEP

3072:hCARRIiUzPB7DFWE3iHlK+3DjFQiTQ+xCiPvhZNExEY:hNut5v67LCivhZNEx

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  3123f81dacea1173ae18aa0944df82d57f2465ba148216793f04ecee476304e6
- Size
  
  110KB
- MD5
  
  4097cecc9d744ab90952f06201687fec
- SHA1
  
  acd495700fe471ff920cfef79d60a690d472cebb
- SHA256
  
  3123f81dacea1173ae18aa0944df82d57f2465ba148216793f04ecee476304e6
- SHA512
  
  4375a51837ce76cd7f474386728e126842d3212b1f21a988f49e8f5a76ecf66e4af5a86042638f1a1a004f424c6c099c74f0e0d1c65e4015760a2eff421af329
- SSDEEP
  
  3072:hCARRIiUzPB7DFWE3iHlK+3DjFQiTQ+xCiPvhZNExEY:hNut5v67LCivhZNEx
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2