8f62157b01612fda4cca0c4252a91040b5e4a419d20e1fa1ec02a8a91057b3c0 | Triage

Sharing

General

Target

8f62157b01612fda4cca0c4252a91040b5e4a419d20e1fa1ec02a8a91057b3c0
Size

211KB
Sample

221127-2qw8jaeb78
MD5

86107f181efb357096132db79081f054
SHA1

c43d6e92ba7fd82ac6955843368e7e72b8e9c6fb
SHA256

8f62157b01612fda4cca0c4252a91040b5e4a419d20e1fa1ec02a8a91057b3c0
SHA512

56e347cf6cb8afaa2cd83d017ce430beaa6122a67f7e521607491bd829c587f76347f971e7dd6d2645ac22b68f7ee599bf0c3dccf8f1cee07847840e655a7cb9
SSDEEP

3072:sjAT+nz8M6G2EutG+rU1Mayy+l15YLdBvuUAWL/OJSL4qxUPJZjTZr8U:hsWy+IAl15Y5BvzTD4qxUXThF

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8f62157b01612fda4cca0c4252a91040b5e4a419d20e1fa1ec02a8a91057b3c0
- Size
  
  211KB
- MD5
  
  86107f181efb357096132db79081f054
- SHA1
  
  c43d6e92ba7fd82ac6955843368e7e72b8e9c6fb
- SHA256
  
  8f62157b01612fda4cca0c4252a91040b5e4a419d20e1fa1ec02a8a91057b3c0
- SHA512
  
  56e347cf6cb8afaa2cd83d017ce430beaa6122a67f7e521607491bd829c587f76347f971e7dd6d2645ac22b68f7ee599bf0c3dccf8f1cee07847840e655a7cb9
- SSDEEP
  
  3072:sjAT+nz8M6G2EutG+rU1Mayy+l15YLdBvuUAWL/OJSL4qxUPJZjTZr8U:hsWy+IAl15Y5BvzTD4qxUXThF
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2