384dca197397f927dcdbd3b374ea122eddd4ac238a09a6cbd77a15efeb86db0f | Triage

Sharing

General

Target

384dca197397f927dcdbd3b374ea122eddd4ac238a09a6cbd77a15efeb86db0f
Size

471KB
Sample

221125-vkvdesbh27
MD5

f38730ba20d9605f524c1189b19cdec0
SHA1

3d46a675a08b4c9fcad57db5e2805548c57781a3
SHA256

384dca197397f927dcdbd3b374ea122eddd4ac238a09a6cbd77a15efeb86db0f
SHA512

354a8d42a5bd797a06168d5d02fe5e7ea1c8a162b65e7d687fa36ae71835259f3262dee130160d5c95d8345636403f1e16f88bff24e9fdb8cd64fd7f9664e130
SSDEEP

12288:HsT9vIZGNkW+ANVQmcUlaBrozM+ygQsnI/fhx5dHOhPMH:spNyANVJcUkvLsnCx/HOhkH

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  384dca197397f927dcdbd3b374ea122eddd4ac238a09a6cbd77a15efeb86db0f
- Size
  
  471KB
- MD5
  
  f38730ba20d9605f524c1189b19cdec0
- SHA1
  
  3d46a675a08b4c9fcad57db5e2805548c57781a3
- SHA256
  
  384dca197397f927dcdbd3b374ea122eddd4ac238a09a6cbd77a15efeb86db0f
- SHA512
  
  354a8d42a5bd797a06168d5d02fe5e7ea1c8a162b65e7d687fa36ae71835259f3262dee130160d5c95d8345636403f1e16f88bff24e9fdb8cd64fd7f9664e130
- SSDEEP
  
  12288:HsT9vIZGNkW+ANVQmcUlaBrozM+ygQsnI/fhx5dHOhPMH:spNyANVJcUkvLsnCx/HOhkH
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2