b9e41cf3e6c65a9d5e8221facbca332bd87f20018363ba0226bb8ff0a692e00e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9e41cf3e6c65a9d5e8221facbca332bd87f20018363ba0226bb8ff0a692e00e
Size

263KB
Sample

221125-ylsg1aec5s
MD5

256d6ec04446dbe7a62d218f068da600
SHA1

15b0b7bf6056344878a35ea621f8750fd2921729
SHA256

b9e41cf3e6c65a9d5e8221facbca332bd87f20018363ba0226bb8ff0a692e00e
SHA512

8c240ab303d5b3a3b48aefea1516424be3c4529ed6432c0fc74b6b83e0501593e21757be703f9e9b7f48d6510954e8e52543b315365dec90209d01fed753b481
SSDEEP

3072:jjkKZWygHY/PlI4pNsDhKhlLXIvWt8OhE025grUN9r+xmI3VeiYxfCo796HZJlYY:Pn04pqdgXIvWuylfrUiNo796HPWcbD

Score

7^/10

Malware Config

Targets

- Target
  
  b9e41cf3e6c65a9d5e8221facbca332bd87f20018363ba0226bb8ff0a692e00e
- Size
  
  263KB
- MD5
  
  256d6ec04446dbe7a62d218f068da600
- SHA1
  
  15b0b7bf6056344878a35ea621f8750fd2921729
- SHA256
  
  b9e41cf3e6c65a9d5e8221facbca332bd87f20018363ba0226bb8ff0a692e00e
- SHA512
  
  8c240ab303d5b3a3b48aefea1516424be3c4529ed6432c0fc74b6b83e0501593e21757be703f9e9b7f48d6510954e8e52543b315365dec90209d01fed753b481
- SSDEEP
  
  3072:jjkKZWygHY/PlI4pNsDhKhlLXIvWt8OhE025grUN9r+xmI3VeiYxfCo796HZJlYY:Pn04pqdgXIvWuylfrUiNo796HPWcbD
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2