f242374e518229643caa67f314f06c47ed5d1ba6287a2168ac6f84b2578fdbb3 | Triage

Sharing

General

Target

f242374e518229643caa67f314f06c47ed5d1ba6287a2168ac6f84b2578fdbb3
Size

192KB
Sample

221125-2jzebaca42
MD5

f8b629eee798245f18f2b7415642993a
SHA1

3853e76f713d1274f6e897b4957a74bd9fcfd98e
SHA256

f242374e518229643caa67f314f06c47ed5d1ba6287a2168ac6f84b2578fdbb3
SHA512

eba6df3594fa71d806d0910fc740371fb0223cd200344315e2cc0a109db01abfc223a3053a57c9651ff0eadb3fbac66f39de6a5a9e1d231a0f2fd342816549fe
SSDEEP

3072:kAoU1Bieu+xxf0pTraRV5uH/QJillUd2KltjGSVVfKmw9y:1in+oTCG/z62+9+y

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f242374e518229643caa67f314f06c47ed5d1ba6287a2168ac6f84b2578fdbb3
- Size
  
  192KB
- MD5
  
  f8b629eee798245f18f2b7415642993a
- SHA1
  
  3853e76f713d1274f6e897b4957a74bd9fcfd98e
- SHA256
  
  f242374e518229643caa67f314f06c47ed5d1ba6287a2168ac6f84b2578fdbb3
- SHA512
  
  eba6df3594fa71d806d0910fc740371fb0223cd200344315e2cc0a109db01abfc223a3053a57c9651ff0eadb3fbac66f39de6a5a9e1d231a0f2fd342816549fe
- SSDEEP
  
  3072:kAoU1Bieu+xxf0pTraRV5uH/QJillUd2KltjGSVVfKmw9y:1in+oTCG/z62+9+y
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2