d723188432a97636fcb4a8f0b56801cc7548f6417a416167813030fe2abb8b2f | Triage

Sharing

General

Target

d723188432a97636fcb4a8f0b56801cc7548f6417a416167813030fe2abb8b2f
Size

236KB
Sample

221123-s8mmdagd5s
MD5

26dd5a0771a82e20b3cbeadfbb3bc75c
SHA1

8fc92c044b54e07a8d3398737e2d4ecdf2aa2ac9
SHA256

d723188432a97636fcb4a8f0b56801cc7548f6417a416167813030fe2abb8b2f
SHA512

1b39f2fe36b5ff2dbd96e1ee3138cb21867d2d27049979b4c948ac8efcab5e9e07b3e26fad51612b2050c086f24b68dc8d72b8534300117ec5496eac7978c75c
SSDEEP

3072:2p9hQz2XenTwq3Oh9oGO91LzNZ7snwJ+nezEnSPt87wifyBxI:+s2unTw2+0K4+nuF87wifyB2

Score

9^/10

persistence

Malware Config

Targets

- Target
  
  d723188432a97636fcb4a8f0b56801cc7548f6417a416167813030fe2abb8b2f
- Size
  
  236KB
- MD5
  
  26dd5a0771a82e20b3cbeadfbb3bc75c
- SHA1
  
  8fc92c044b54e07a8d3398737e2d4ecdf2aa2ac9
- SHA256
  
  d723188432a97636fcb4a8f0b56801cc7548f6417a416167813030fe2abb8b2f
- SHA512
  
  1b39f2fe36b5ff2dbd96e1ee3138cb21867d2d27049979b4c948ac8efcab5e9e07b3e26fad51612b2050c086f24b68dc8d72b8534300117ec5496eac7978c75c
- SSDEEP
  
  3072:2p9hQz2XenTwq3Oh9oGO91LzNZ7snwJ+nezEnSPt87wifyBxI:+s2unTw2+0K4+nuF87wifyB2
Score

9^/10

persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Account Manipulation

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2