eae62175cebb33521e1f2c250a0715dcdc93f9787eb96c871dc2d0ba48b3e3ba | Triage

Sharing

General

Target

eae62175cebb33521e1f2c250a0715dcdc93f9787eb96c871dc2d0ba48b3e3ba
Size

318KB
Sample

221123-s1ea2acf98
MD5

e4793a916988680cb6c486a4d22a0ca2
SHA1

6269b79ad380e6af276bb14e41a2f0e3c73ef5ff
SHA256

eae62175cebb33521e1f2c250a0715dcdc93f9787eb96c871dc2d0ba48b3e3ba
SHA512

e517bdbba891e3e4b929255b4a2a24a62b67c6a3c94d913d496d3c735dc25c59f1240148f7179db3c5e64344344c9385eddb7508233c334605cd3069e65b8947
SSDEEP

6144:xHvQjzb2lszlh979Hd+aIIFCd5J5xQUXPD39P5uSSPzFF95sU:hQjziGlD7xd+zXDSY7pSPB

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  eae62175cebb33521e1f2c250a0715dcdc93f9787eb96c871dc2d0ba48b3e3ba
- Size
  
  318KB
- MD5
  
  e4793a916988680cb6c486a4d22a0ca2
- SHA1
  
  6269b79ad380e6af276bb14e41a2f0e3c73ef5ff
- SHA256
  
  eae62175cebb33521e1f2c250a0715dcdc93f9787eb96c871dc2d0ba48b3e3ba
- SHA512
  
  e517bdbba891e3e4b929255b4a2a24a62b67c6a3c94d913d496d3c735dc25c59f1240148f7179db3c5e64344344c9385eddb7508233c334605cd3069e65b8947
- SSDEEP
  
  6144:xHvQjzb2lszlh979Hd+aIIFCd5J5xQUXPD39P5uSSPzFF95sU:hQjziGlD7xd+zXDSY7pSPB
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2