85f85f52451a4386000ebb67063103742aa8648d9328ec2a4dec67428ca034ed | Triage

Sharing

General

Target

85f85f52451a4386000ebb67063103742aa8648d9328ec2a4dec67428ca034ed
Size

419KB
Sample

221127-rm7vrahb21
MD5

08693e673d23ac2c0c78b9ef8dabe218
SHA1

b73cccfaf8b4f9ba7645eb8693124b637a8abf8d
SHA256

85f85f52451a4386000ebb67063103742aa8648d9328ec2a4dec67428ca034ed
SHA512

007a302f0a2b64d13f408f3784beca07138b6e80ae464d50e2a43bd1771292e546a68f6a13ac243feaf956ab6d9bd152505ff6e6924f3116e9abfcbcc597cac2
SSDEEP

12288:VHMjpqaCqho40Vxl/RRAvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvf:dcN+Ll/RRw

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  85f85f52451a4386000ebb67063103742aa8648d9328ec2a4dec67428ca034ed
- Size
  
  419KB
- MD5
  
  08693e673d23ac2c0c78b9ef8dabe218
- SHA1
  
  b73cccfaf8b4f9ba7645eb8693124b637a8abf8d
- SHA256
  
  85f85f52451a4386000ebb67063103742aa8648d9328ec2a4dec67428ca034ed
- SHA512
  
  007a302f0a2b64d13f408f3784beca07138b6e80ae464d50e2a43bd1771292e546a68f6a13ac243feaf956ab6d9bd152505ff6e6924f3116e9abfcbcc597cac2
- SSDEEP
  
  12288:VHMjpqaCqho40Vxl/RRAvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvf:dcN+Ll/RRw
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2