78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e | Triage

Sharing

General

Target

78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
Size

246KB
Sample

221123-xmlv6sad9w
MD5

45128efe493234906ecc0d34392b87fb
SHA1

614cd3f781aced63f9cbfb2d1134d193d5f917ee
SHA256

78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
SHA512

5121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
SSDEEP

3072:DxoVC/AFLxIu1v+Xq9EzmTpjeG/9Q04Smo5HaeD91knKkaY6l6l1GLcSf:DiQAFFJB+Xq9BTpag94SFt1Qj1Gx

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
- Size
  
  246KB
- MD5
  
  45128efe493234906ecc0d34392b87fb
- SHA1
  
  614cd3f781aced63f9cbfb2d1134d193d5f917ee
- SHA256
  
  78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
- SHA512
  
  5121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
- SSDEEP
  
  3072:DxoVC/AFLxIu1v+Xq9EzmTpjeG/9Q04Smo5HaeD91knKkaY6l6l1GLcSf:DiQAFFJB+Xq9BTpag94SFt1Qj1Gx
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2