2ca7888b89a4157c54503e10fb5b2f35d8752037e195540e168ab76e7db2caf9 | Triage

Sharing

General

Target

2ca7888b89a4157c54503e10fb5b2f35d8752037e195540e168ab76e7db2caf9
Size

263KB
Sample

221123-r2v5hadb51
MD5

1b94757c66c44b7739a18ff3f7f0a594
SHA1

2a12455c62c8eb831363f7ad5b03aea96b7bfd65
SHA256

2ca7888b89a4157c54503e10fb5b2f35d8752037e195540e168ab76e7db2caf9
SHA512

f3390db17b4e7c7d027e5c9cbfba8295253c97c06674d67ab9e51e3b6dbd4fdeb417ac8b74baf0ea7623b12a2f3132c4c59ad7c4881a0f189a0c19d1c2ac8a28
SSDEEP

3072:uZFcX5uDAwaTGgAigWW6KYO9UHIF6gsml5uWTtS6Vh1Gsv4PYA:uZ75Pig16ycWJjl5HtS6VKsvyD

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2ca7888b89a4157c54503e10fb5b2f35d8752037e195540e168ab76e7db2caf9
- Size
  
  263KB
- MD5
  
  1b94757c66c44b7739a18ff3f7f0a594
- SHA1
  
  2a12455c62c8eb831363f7ad5b03aea96b7bfd65
- SHA256
  
  2ca7888b89a4157c54503e10fb5b2f35d8752037e195540e168ab76e7db2caf9
- SHA512
  
  f3390db17b4e7c7d027e5c9cbfba8295253c97c06674d67ab9e51e3b6dbd4fdeb417ac8b74baf0ea7623b12a2f3132c4c59ad7c4881a0f189a0c19d1c2ac8a28
- SSDEEP
  
  3072:uZFcX5uDAwaTGgAigWW6KYO9UHIF6gsml5uWTtS6Vh1Gsv4PYA:uZ75Pig16ycWJjl5HtS6VKsvyD
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2