ef55e717fcef0d0e3d68591b063a356b3a753a68314891523b478c9f37d2c516 | Triage

Sharing

General

Target

ef55e717fcef0d0e3d68591b063a356b3a753a68314891523b478c9f37d2c516
Size

150KB
Sample

221123-syv6rsff6t
MD5

a9a9c1293818f3b3832421628470bd47
SHA1

ccbef0073293c92bbd07967dbf89e6f90108c854
SHA256

ef55e717fcef0d0e3d68591b063a356b3a753a68314891523b478c9f37d2c516
SHA512

31bd0f07e7a2b0273da9aedce641faa22cf99935cd43db6dff977b9b5a35fb3b191805b937f65c41c512c29ff66a9429effd028cd4567a4bc457db7ec2b4eed5
SSDEEP

3072:c44Y9tHjecMNVjbKMA31XH6mTOOWLPfn/1LFfpD77MXa:c4pqmMA31XUFXn/1LFhr

Score

8^/10

Malware Config

Targets

- Target
  
  ef55e717fcef0d0e3d68591b063a356b3a753a68314891523b478c9f37d2c516
- Size
  
  150KB
- MD5
  
  a9a9c1293818f3b3832421628470bd47
- SHA1
  
  ccbef0073293c92bbd07967dbf89e6f90108c854
- SHA256
  
  ef55e717fcef0d0e3d68591b063a356b3a753a68314891523b478c9f37d2c516
- SHA512
  
  31bd0f07e7a2b0273da9aedce641faa22cf99935cd43db6dff977b9b5a35fb3b191805b937f65c41c512c29ff66a9429effd028cd4567a4bc457db7ec2b4eed5
- SSDEEP
  
  3072:c44Y9tHjecMNVjbKMA31XH6mTOOWLPfn/1LFfpD77MXa:c4pqmMA31XUFXn/1LFhr
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2