8e39aa87b8fd60418114cf10d809121e41e8d7a179bef823ea5e0d1b132be0a2 | Triage

Sharing

General

Target

8e39aa87b8fd60418114cf10d809121e41e8d7a179bef823ea5e0d1b132be0a2
Size

586KB
Sample

221127-jvr59seh5s
MD5

9a6a4fd08a7a2b287f5a4fad540be0da
SHA1

e65cdb5e489e636fa9ce5f5557e5dde1843b7a71
SHA256

8e39aa87b8fd60418114cf10d809121e41e8d7a179bef823ea5e0d1b132be0a2
SHA512

6a61c6f35c460fe6d19ac0aa4a5e94f7507e1bc7bf1126aee67d824888c27390692dfe6afaba78f1b70418398ac7619e3a7448341e836011a0661944f9f280dd
SSDEEP

12288:mJhDimZkrr7i37gz5iVwxrT/3ZUxsWZTewowqynIxj:ILZk/7Q8ttV73ZUxp4wowqyC

Score

8^/10

Malware Config

Targets

- Target
  
  8e39aa87b8fd60418114cf10d809121e41e8d7a179bef823ea5e0d1b132be0a2
- Size
  
  586KB
- MD5
  
  9a6a4fd08a7a2b287f5a4fad540be0da
- SHA1
  
  e65cdb5e489e636fa9ce5f5557e5dde1843b7a71
- SHA256
  
  8e39aa87b8fd60418114cf10d809121e41e8d7a179bef823ea5e0d1b132be0a2
- SHA512
  
  6a61c6f35c460fe6d19ac0aa4a5e94f7507e1bc7bf1126aee67d824888c27390692dfe6afaba78f1b70418398ac7619e3a7448341e836011a0661944f9f280dd
- SSDEEP
  
  12288:mJhDimZkrr7i37gz5iVwxrT/3ZUxsWZTewowqynIxj:ILZk/7Q8ttV73ZUxp4wowqyC
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2