03dfd925b116ae0e233d3f3f8f7c909a327b01f4709163614a394fedeed0fcee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03dfd925b116ae0e233d3f3f8f7c909a327b01f4709163614a394fedeed0fcee
Size

686KB
Sample

221127-h2k5vshb44
MD5

c4884c93e73f7af897b8a63e5fbcb555
SHA1

e933775937ac9435e26ea818a550959535443398
SHA256

03dfd925b116ae0e233d3f3f8f7c909a327b01f4709163614a394fedeed0fcee
SHA512

7fd0690c9cfe7dd3033fe6af99a6a6bbad40c0fc347dd4f02866a98af0a03dc1b3602432b53a453a3fa684ad3669c760284e29bff7be09dcee9c5453a3fab824
SSDEEP

12288:/2LhQ2kWt0nFuaPPONSLVZaqRLPCKHt3ajJuB9/c8Rg63L363jLIgnIxm:/uC2WFzPXhZHPt3sJuTc8RgFb

Score

8^/10

Malware Config

Targets

- Target
  
  03dfd925b116ae0e233d3f3f8f7c909a327b01f4709163614a394fedeed0fcee
- Size
  
  686KB
- MD5
  
  c4884c93e73f7af897b8a63e5fbcb555
- SHA1
  
  e933775937ac9435e26ea818a550959535443398
- SHA256
  
  03dfd925b116ae0e233d3f3f8f7c909a327b01f4709163614a394fedeed0fcee
- SHA512
  
  7fd0690c9cfe7dd3033fe6af99a6a6bbad40c0fc347dd4f02866a98af0a03dc1b3602432b53a453a3fa684ad3669c760284e29bff7be09dcee9c5453a3fab824
- SSDEEP
  
  12288:/2LhQ2kWt0nFuaPPONSLVZaqRLPCKHt3ajJuB9/c8Rg63L363jLIgnIxm:/uC2WFzPXhZHPt3sJuTc8RgFb
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2