493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202 | Triage

Sharing

General

Target

493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202
Size

72KB
Sample

221127-tmaalaec51
MD5

618597a8ea22d3c9b532c095556c6f59
SHA1

0aea6eafe3205fa86808872d98095a87493a1371
SHA256

493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202
SHA512

1ead288208c60a6ed2332cfec1b3ad616509e4efdb4e6e9966161c7f653e163fc287e4b23c50c3efc55f20effbb3238c9b797244e7f0a283f314f4290b10dda3
SSDEEP

1536:vprQDLIxIlNqR5AQqP5q3jAIs1oV8ERW7XS9qf+6N20:hrtxIlNq3Anhq3xs1oCERWTV+6Nd

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202
- Size
  
  72KB
- MD5
  
  618597a8ea22d3c9b532c095556c6f59
- SHA1
  
  0aea6eafe3205fa86808872d98095a87493a1371
- SHA256
  
  493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202
- SHA512
  
  1ead288208c60a6ed2332cfec1b3ad616509e4efdb4e6e9966161c7f653e163fc287e4b23c50c3efc55f20effbb3238c9b797244e7f0a283f314f4290b10dda3
- SSDEEP
  
  1536:vprQDLIxIlNqR5AQqP5q3jAIs1oV8ERW7XS9qf+6N20:hrtxIlNq3Anhq3xs1oCERWTV+6Nd
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2