0484e6c6a2ec20de7f1c12448cf1778c3cbec9b9604ac4ebddec24d4baf899cf | Triage

Sharing

General

Target

0484e6c6a2ec20de7f1c12448cf1778c3cbec9b9604ac4ebddec24d4baf899cf
Size

298KB
Sample

221126-kjx3taaa6t
MD5

93b3e1701808b1df47f03d16bb665433
SHA1

651fca1bea3633c9cb244ce6264cdc2b7d8ca636
SHA256

0484e6c6a2ec20de7f1c12448cf1778c3cbec9b9604ac4ebddec24d4baf899cf
SHA512

0e94579fed6e40d31655e7498f98ac70e4b2f584c6324f00f1f746988881c0d60df771d60150f4480d72401fceeeadad7d12fcabdb19e7a21965d9479d77973a
SSDEEP

3072:/7UZPFONmR6SnQd1tDETgnzmz2hrT+1G/WAu7KMB8W2QFuWM8AMzl7WlyHBFbTDQ:4tFQy6G61tDa2yUT+rflG2SKP+2BB4

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  0484e6c6a2ec20de7f1c12448cf1778c3cbec9b9604ac4ebddec24d4baf899cf
- Size
  
  298KB
- MD5
  
  93b3e1701808b1df47f03d16bb665433
- SHA1
  
  651fca1bea3633c9cb244ce6264cdc2b7d8ca636
- SHA256
  
  0484e6c6a2ec20de7f1c12448cf1778c3cbec9b9604ac4ebddec24d4baf899cf
- SHA512
  
  0e94579fed6e40d31655e7498f98ac70e4b2f584c6324f00f1f746988881c0d60df771d60150f4480d72401fceeeadad7d12fcabdb19e7a21965d9479d77973a
- SSDEEP
  
  3072:/7UZPFONmR6SnQd1tDETgnzmz2hrT+1G/WAu7KMB8W2QFuWM8AMzl7WlyHBFbTDQ:4tFQy6G61tDa2yUT+rflG2SKP+2BB4
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2