44d22cee65d4b78674ad2b4cda253e01139d3e668bd26dc1146d26646382517d | Triage

Sharing

General

Target

44d22cee65d4b78674ad2b4cda253e01139d3e668bd26dc1146d26646382517d
Size

1.1MB
Sample

221123-vxj38adb7z
MD5

759a89d40794ea36eef8d544d2aac617
SHA1

5686942b21154f81803e72d9dba8d898ba9d7987
SHA256

44d22cee65d4b78674ad2b4cda253e01139d3e668bd26dc1146d26646382517d
SHA512

c94165d41a557074462173fe3d708bf3b09def31ea77cdad20729cf2a4145ecbef234e8b47af250991bf3387624b27de7f555f7f65d8b9859957e81475e5d65e
SSDEEP

24576:Ax2kxb3hcj33RhwoxrY/fE1fPKbuDbQHcsUep4nOPcJC:A15a3RhwgrL30uDkHcsUep4nO0

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  44d22cee65d4b78674ad2b4cda253e01139d3e668bd26dc1146d26646382517d
- Size
  
  1.1MB
- MD5
  
  759a89d40794ea36eef8d544d2aac617
- SHA1
  
  5686942b21154f81803e72d9dba8d898ba9d7987
- SHA256
  
  44d22cee65d4b78674ad2b4cda253e01139d3e668bd26dc1146d26646382517d
- SHA512
  
  c94165d41a557074462173fe3d708bf3b09def31ea77cdad20729cf2a4145ecbef234e8b47af250991bf3387624b27de7f555f7f65d8b9859957e81475e5d65e
- SSDEEP
  
  24576:Ax2kxb3hcj33RhwoxrY/fE1fPKbuDbQHcsUep4nOPcJC:A15a3RhwgrL30uDkHcsUep4nO0
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2