f79f7559f4e81f94e86a9a97b697411c698258b8974e39363f553f7db90f2496 | Triage

Sharing

General

Target

f79f7559f4e81f94e86a9a97b697411c698258b8974e39363f553f7db90f2496
Size

2.1MB
Sample

221125-lf3dssgb33
MD5

2cfd38f60aabd75b54fc4429ac2e6ed2
SHA1

62ff3eb009fff0b4082ab3502dd3f6b68930d930
SHA256

f79f7559f4e81f94e86a9a97b697411c698258b8974e39363f553f7db90f2496
SHA512

2e8af4c711f8a89c57e7c94968ac6e0f911a6590f562e2e47388f0d22a8029fb76b019a3ef716972b5981ecfbf919abb1863563b554a1d364a6a53ee8c30b4e0
SSDEEP

49152:Z3j90hvaUXFba4v8AmA+CqQzSEJHZDUq:Zx0hvRXFpv8Az+CPRJH

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f79f7559f4e81f94e86a9a97b697411c698258b8974e39363f553f7db90f2496
- Size
  
  2.1MB
- MD5
  
  2cfd38f60aabd75b54fc4429ac2e6ed2
- SHA1
  
  62ff3eb009fff0b4082ab3502dd3f6b68930d930
- SHA256
  
  f79f7559f4e81f94e86a9a97b697411c698258b8974e39363f553f7db90f2496
- SHA512
  
  2e8af4c711f8a89c57e7c94968ac6e0f911a6590f562e2e47388f0d22a8029fb76b019a3ef716972b5981ecfbf919abb1863563b554a1d364a6a53ee8c30b4e0
- SSDEEP
  
  49152:Z3j90hvaUXFba4v8AmA+CqQzSEJHZDUq:Zx0hvRXFpv8Az+CPRJH
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2