c1012b5c19f30e56bd3f8e2c53cbec9f7608198bbd7e7780cf1d05bd8ad564a3 | Triage

Sharing

General

Target

c1012b5c19f30e56bd3f8e2c53cbec9f7608198bbd7e7780cf1d05bd8ad564a3
Size

236KB
Sample

221127-t7q4vacc94
MD5

0befb55b74d6a88e34f3ba09861e7848
SHA1

b866423ae2b9b94fb15e9c42e289c017e12d7203
SHA256

c1012b5c19f30e56bd3f8e2c53cbec9f7608198bbd7e7780cf1d05bd8ad564a3
SHA512

8c5915e9025e8b410292d1305684d18590ff5cff246b3c673d59c328ebab5c224945540a0fc91a01c5404c013f514e81943b1eb95ad9f8ee1096f1be26e0e0ac
SSDEEP

6144:5bDfvIG4HOVxKsMnKdA7S5c1yOKZvHfNhb:RfvIG4HGKsMKK8c1yOK1F

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  c1012b5c19f30e56bd3f8e2c53cbec9f7608198bbd7e7780cf1d05bd8ad564a3
- Size
  
  236KB
- MD5
  
  0befb55b74d6a88e34f3ba09861e7848
- SHA1
  
  b866423ae2b9b94fb15e9c42e289c017e12d7203
- SHA256
  
  c1012b5c19f30e56bd3f8e2c53cbec9f7608198bbd7e7780cf1d05bd8ad564a3
- SHA512
  
  8c5915e9025e8b410292d1305684d18590ff5cff246b3c673d59c328ebab5c224945540a0fc91a01c5404c013f514e81943b1eb95ad9f8ee1096f1be26e0e0ac
- SSDEEP
  
  6144:5bDfvIG4HOVxKsMnKdA7S5c1yOKZvHfNhb:RfvIG4HGKsMKK8c1yOK1F
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2