0c1e130ff8aa5352dc9ca722d2beb26dbe508b271ea1c3a8c6c1945591621ed8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c1e130ff8aa5352dc9ca722d2beb26dbe508b271ea1c3a8c6c1945591621ed8
Size

1.5MB
Sample

221125-m3erpafd4x
MD5

c518467781344ec2a751ab1a7410ad5d
SHA1

3a94ba53d128b67751dce8d3216a423d55d00eb3
SHA256

0c1e130ff8aa5352dc9ca722d2beb26dbe508b271ea1c3a8c6c1945591621ed8
SHA512

df6296b263de9afef2ced93dd7e807f57dd92e9330dc0f45da1be2a38aaff6876a0324e363b46a4f6603638199272ef6cbdae3a912b8532ab53c1961a58fb8d6
SSDEEP

24576:Hpa/O74CNt3r2J2FC3eUldZUJ3OlKU4UDcc6Cy+9eGJ:wcZC35VcOcmDcc6Cdf

Score

7^/10

Malware Config

Targets

- Target
  
  0c1e130ff8aa5352dc9ca722d2beb26dbe508b271ea1c3a8c6c1945591621ed8
- Size
  
  1.5MB
- MD5
  
  c518467781344ec2a751ab1a7410ad5d
- SHA1
  
  3a94ba53d128b67751dce8d3216a423d55d00eb3
- SHA256
  
  0c1e130ff8aa5352dc9ca722d2beb26dbe508b271ea1c3a8c6c1945591621ed8
- SHA512
  
  df6296b263de9afef2ced93dd7e807f57dd92e9330dc0f45da1be2a38aaff6876a0324e363b46a4f6603638199272ef6cbdae3a912b8532ab53c1961a58fb8d6
- SSDEEP
  
  24576:Hpa/O74CNt3r2J2FC3eUldZUJ3OlKU4UDcc6Cy+9eGJ:wcZC35VcOcmDcc6Cdf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2