aad8520ed678e9d9b0893d0f74e6c1d632c8705179866f696a77a8fda56abc97 | Triage

Sharing

General

Target

aad8520ed678e9d9b0893d0f74e6c1d632c8705179866f696a77a8fda56abc97
Size

777KB
Sample

221125-pp8tqage87
MD5

d82e609b6ce178344f82b963648f67bc
SHA1

412496833d5f6d68c218053b4a5ce960d50a4d07
SHA256

aad8520ed678e9d9b0893d0f74e6c1d632c8705179866f696a77a8fda56abc97
SHA512

e9371dedd2de892764924e9febbe732cd62aef1699043dffd09bb6dc9ba5e886dea1943a62fc5aac7d9e0d97f6857a8a336e183c1b700246050ce17537da3561
SSDEEP

24576:tt24jEqdf2XHdnA/PmKH2v27efUlcaVW67fsMc:J7mpMm/lsqKWKf1c

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  aad8520ed678e9d9b0893d0f74e6c1d632c8705179866f696a77a8fda56abc97
- Size
  
  777KB
- MD5
  
  d82e609b6ce178344f82b963648f67bc
- SHA1
  
  412496833d5f6d68c218053b4a5ce960d50a4d07
- SHA256
  
  aad8520ed678e9d9b0893d0f74e6c1d632c8705179866f696a77a8fda56abc97
- SHA512
  
  e9371dedd2de892764924e9febbe732cd62aef1699043dffd09bb6dc9ba5e886dea1943a62fc5aac7d9e0d97f6857a8a336e183c1b700246050ce17537da3561
- SSDEEP
  
  24576:tt24jEqdf2XHdnA/PmKH2v27efUlcaVW67fsMc:J7mpMm/lsqKWKf1c
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2