a180718a9b4445fd04ede315c1431ceff8c0ad583dc814abe10d2ddbe21f4394 | Triage

Sharing

General

Target

a180718a9b4445fd04ede315c1431ceff8c0ad583dc814abe10d2ddbe21f4394
Size

317KB
Sample

221125-h6nrjseb31
MD5

3cc2a41c68b3a80d0e67fba46507edeb
SHA1

97715f7bfb03e9970727a7b10919b952e4373ae4
SHA256

a180718a9b4445fd04ede315c1431ceff8c0ad583dc814abe10d2ddbe21f4394
SHA512

68e123ed219ebd72b16ffe1e03c93948f13b8fb69edf17daaa58b6a6c76d8e87cf7dff4b7a7c53d8f7aed534363991f9b0811f213d87e03c5d861cf1e6d966bd
SSDEEP

6144:21W1u2oBJZp1OfPOSjTp/q2LsrnZkPXfsO9qpzxHFmMHoOpCxv:21W1u2oHDsG2pSrZk/EO2zVIEoOpC1

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a180718a9b4445fd04ede315c1431ceff8c0ad583dc814abe10d2ddbe21f4394
- Size
  
  317KB
- MD5
  
  3cc2a41c68b3a80d0e67fba46507edeb
- SHA1
  
  97715f7bfb03e9970727a7b10919b952e4373ae4
- SHA256
  
  a180718a9b4445fd04ede315c1431ceff8c0ad583dc814abe10d2ddbe21f4394
- SHA512
  
  68e123ed219ebd72b16ffe1e03c93948f13b8fb69edf17daaa58b6a6c76d8e87cf7dff4b7a7c53d8f7aed534363991f9b0811f213d87e03c5d861cf1e6d966bd
- SSDEEP
  
  6144:21W1u2oBJZp1OfPOSjTp/q2LsrnZkPXfsO9qpzxHFmMHoOpCxv:21W1u2oHDsG2pSrZk/EO2zVIEoOpC1
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2