5e915727ef2f2087839f8c013fe8b85be8dc0668d5d51d465c9d864a50d0e4cd | Triage

Sharing

General

Target

5e915727ef2f2087839f8c013fe8b85be8dc0668d5d51d465c9d864a50d0e4cd
Size

40KB
Sample

221123-rhryqsgf72
MD5

21d84c36f184858f92b07e4724e6c572
SHA1

cf2dec22a900a54f180322d4a34986092e7f1cbf
SHA256

5e915727ef2f2087839f8c013fe8b85be8dc0668d5d51d465c9d864a50d0e4cd
SHA512

1d3e59129047dc06f36135e081fe940c90ac3fe4876ec8193f83b0cb059a4a73392e22a8cae0b3a045300d89762deba247777acef6770e68b083d5eca2273b20
SSDEEP

768:QVdWemzlLOPoUdCgDj+/1x1FSLDLRUNQNIwewoFMQQJj7gKn:+dGFO0yj+/bODLRHQMQsj7g

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  5e915727ef2f2087839f8c013fe8b85be8dc0668d5d51d465c9d864a50d0e4cd
- Size
  
  40KB
- MD5
  
  21d84c36f184858f92b07e4724e6c572
- SHA1
  
  cf2dec22a900a54f180322d4a34986092e7f1cbf
- SHA256
  
  5e915727ef2f2087839f8c013fe8b85be8dc0668d5d51d465c9d864a50d0e4cd
- SHA512
  
  1d3e59129047dc06f36135e081fe940c90ac3fe4876ec8193f83b0cb059a4a73392e22a8cae0b3a045300d89762deba247777acef6770e68b083d5eca2273b20
- SSDEEP
  
  768:QVdWemzlLOPoUdCgDj+/1x1FSLDLRUNQNIwewoFMQQJj7gKn:+dGFO0yj+/bODLRHQMQsj7g
Score

8^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2