886a69165bbc6a7c3eddcbfa8bf1a037a4bd3f0e6a0d4d0627c0bc01ecc394bc | Triage

Sharing

General

Target

Cbvevfvsijf_pif.exe
Size

15KB
Sample

221123-rnzwjahb33
MD5

816e18d8cbbe7fd9b7e8b014ac9f172f
SHA1

0667252224074f3b03d85cdcebacc745051e3786
SHA256

886a69165bbc6a7c3eddcbfa8bf1a037a4bd3f0e6a0d4d0627c0bc01ecc394bc
SHA512

9ebcdde2f5d4e9cda2c70e06df2f7fc0346cb14e82f7651fb487e80a95f7c021b6b6d23162858ef3ebb01d890afbb6eec4d9c18671a0f59b308ad1fee432caea
SSDEEP

384:Vo0ISpJi492rb/VmINYTLJNQS/+ovwaFPQpoq:jIS7H921mINYHAS+ovnRPq

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Cbvevfvsijf_pif.exe
- Size
  
  15KB
- MD5
  
  816e18d8cbbe7fd9b7e8b014ac9f172f
- SHA1
  
  0667252224074f3b03d85cdcebacc745051e3786
- SHA256
  
  886a69165bbc6a7c3eddcbfa8bf1a037a4bd3f0e6a0d4d0627c0bc01ecc394bc
- SHA512
  
  9ebcdde2f5d4e9cda2c70e06df2f7fc0346cb14e82f7651fb487e80a95f7c021b6b6d23162858ef3ebb01d890afbb6eec4d9c18671a0f59b308ad1fee432caea
- SSDEEP
  
  384:Vo0ISpJi492rb/VmINYTLJNQS/+ovwaFPQpoq:jIS7H921mINYHAS+ovnRPq
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2