a509cc02a8ad2c8f730e9e81e21375bd2ead873435370d9a996535822af8031d | Triage

Sharing

General

Target

a509cc02a8ad2c8f730e9e81e21375bd2ead873435370d9a996535822af8031d
Size

388KB
Sample

221124-fzsqtabe66
MD5

ee48923e9421a22a7ce1af204faf3495
SHA1

91e2e2894c5a291deece18edf727bff17460b267
SHA256

a509cc02a8ad2c8f730e9e81e21375bd2ead873435370d9a996535822af8031d
SHA512

f562d7ee04a8f5709ba2553a78123049130a89f33c650d0d5b824d0c009c8fab7e2c1297508ac50849c06b38574521c7dab76337134b41f1e046aa1c89c7dd1d
SSDEEP

6144:08tK5Ggk1+vOd0RneBRQALcMqB6D5B1RDHmIEaqddK:uMgk1Yd8R2MqIDz1xHmIPQg

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a509cc02a8ad2c8f730e9e81e21375bd2ead873435370d9a996535822af8031d
- Size
  
  388KB
- MD5
  
  ee48923e9421a22a7ce1af204faf3495
- SHA1
  
  91e2e2894c5a291deece18edf727bff17460b267
- SHA256
  
  a509cc02a8ad2c8f730e9e81e21375bd2ead873435370d9a996535822af8031d
- SHA512
  
  f562d7ee04a8f5709ba2553a78123049130a89f33c650d0d5b824d0c009c8fab7e2c1297508ac50849c06b38574521c7dab76337134b41f1e046aa1c89c7dd1d
- SSDEEP
  
  6144:08tK5Ggk1+vOd0RneBRQALcMqB6D5B1RDHmIEaqddK:uMgk1Yd8R2MqIDz1xHmIPQg
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2