c67670460262b6989bf0c63768bbb7be30286c3ce652d699831eb0b934d5bd4e | Triage

Sharing

General

Target

c67670460262b6989bf0c63768bbb7be30286c3ce652d699831eb0b934d5bd4e
Size

105KB
Sample

221125-khmkpahd9t
MD5

92c535addeff7ecac919e373556bfb79
SHA1

a50acb99696bd4ddc1556610f3d0427188572056
SHA256

c67670460262b6989bf0c63768bbb7be30286c3ce652d699831eb0b934d5bd4e
SHA512

8acc0fbbfa89f85d7a81e8f60faad0734dfe5e7a48d9ea14904143dfc5e5ab3a6ead840aad03137299b93d177bf6fd15632aae02713b2bf8d3a14959d1a849f7
SSDEEP

1536:vJzZEdih8l1KrHiujC0MGyzGWfLTO368NVrVwR5b29S/S9f0SInJP:RzZEdih8l1qHi+jgLRG+h2wnSInJ

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  c67670460262b6989bf0c63768bbb7be30286c3ce652d699831eb0b934d5bd4e
- Size
  
  105KB
- MD5
  
  92c535addeff7ecac919e373556bfb79
- SHA1
  
  a50acb99696bd4ddc1556610f3d0427188572056
- SHA256
  
  c67670460262b6989bf0c63768bbb7be30286c3ce652d699831eb0b934d5bd4e
- SHA512
  
  8acc0fbbfa89f85d7a81e8f60faad0734dfe5e7a48d9ea14904143dfc5e5ab3a6ead840aad03137299b93d177bf6fd15632aae02713b2bf8d3a14959d1a849f7
- SSDEEP
  
  1536:vJzZEdih8l1KrHiujC0MGyzGWfLTO368NVrVwR5b29S/S9f0SInJP:RzZEdih8l1qHi+jgLRG+h2wnSInJ
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence