General

  • Target

    493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202

  • Size

    72KB

  • Sample

    221127-tmaalaec51

  • MD5

    618597a8ea22d3c9b532c095556c6f59

  • SHA1

    0aea6eafe3205fa86808872d98095a87493a1371

  • SHA256

    493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202

  • SHA512

    1ead288208c60a6ed2332cfec1b3ad616509e4efdb4e6e9966161c7f653e163fc287e4b23c50c3efc55f20effbb3238c9b797244e7f0a283f314f4290b10dda3

  • SSDEEP

    1536:vprQDLIxIlNqR5AQqP5q3jAIs1oV8ERW7XS9qf+6N20:hrtxIlNq3Anhq3xs1oCERWTV+6Nd

Score
8/10

Targets

    • Target

      493e3110e181ce76a00f5d56cac9cc4e6b0033f87e336e9d51d573a1e35e0202

      (size and hashes identical to those listed under General above)

    Score
    8/10
    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs on this machine.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6; number in brackets is the count of signatures mapped to that technique)

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion: Modify Registry, T1112 (1)

  • Discovery: Query Registry, T1012 (1); System Information Discovery, T1082 (2)

Note that these are ATT&CK v6 identifiers. T1060 has since been deprecated and folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), so translate it before feeding these IDs into tooling that uses a current matrix.
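The signatures and ATT&CK rows above are flat labels; what a detection engineer usually wants is the logic behind them. The following is an added example, not part of this report and not the sandbox's own signature code, that reproduces each of the five signatures over a constructed API trace. The `api|process|detail` line format, the `flags=`/`pid=`/`tid=` fields, and the use of `HKCU\Control Panel\International\Geo\Nation` as the "computer location" key are assumptions for the example; a real trace uses its own schema and the sample may read a different locale key. The ATT&CK mapping only uses IDs that appear in the report's matrix, and only the Run-key mapping is stated there unambiguously.

```python
"""Re-derive the report's behaviour signatures from an API trace (added example)."""
import re
from collections import defaultdict

# Constructed trace in an assumed "api|process|detail" format. It is NOT output
# from the sandbox that produced the report; it only exercises the same behaviours.
SAMPLE_TRACE = """\
RegQueryValueExW|sample.exe|HKCU\\Control Panel\\International\\Geo\\Nation
WriteFile|sample.exe|C:\\Users\\user\\AppData\\Roaming\\updater.exe
WriteFile|sample.exe|C:\\Users\\user\\AppData\\Roaming\\helper.dll
RegSetValueExW|sample.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater = C:\\Users\\user\\AppData\\Roaming\\updater.exe
CreateProcessW|sample.exe|C:\\Users\\user\\AppData\\Roaming\\updater.exe flags=0x0 pid=4100
LoadLibraryW|updater.exe|C:\\Users\\user\\AppData\\Roaming\\helper.dll
CreateProcessW|updater.exe|C:\\Windows\\System32\\svchost.exe flags=0x4 pid=4321
WriteProcessMemory|updater.exe|pid=4321
SetThreadContext|updater.exe|pid=4321 tid=4322
ResumeThread|updater.exe|pid=4321 tid=4322
"""

# Signature -> ATT&CK v6 ID from the report's matrix. The Run-key mapping is the
# one the report states directly (Persistence row); mapping the registry lookup
# to Query Registry (T1012) is an assumption made here.
ATTACK = {
    "Adds Run key to start application": "T1060",
    "Checks computer location settings": "T1012",
}

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_KEY = re.compile(r"\\International\\Geo\\Nation$", re.IGNORECASE)  # assumed key
CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit


def _field(text, name):
    """Return the value of a 'name=value' field in the detail string, or ''."""
    m = re.search(rf"\b{name}=(\S+)", text)
    return m.group(1) if m else ""


def parse(trace):
    """Split the trace into (api, process, detail) tuples, skipping blank lines."""
    events = []
    for line in trace.splitlines():
        if line.strip():
            api, proc, detail = line.split("|", 2)
            events.append((api, proc, detail))
    return events


def analyse(trace):
    """Return {signature name: [evidence, ...]} for the behaviours seen in the trace."""
    hits = defaultdict(list)
    dropped = set()    # lower-cased paths written to disk by a traced process
    suspended = {}     # pid -> image path for processes created with CREATE_SUSPENDED
    written = set()    # pids that received a WriteProcessMemory call
    for api, proc, detail in parse(trace):
        d = detail.lower()
        if api == "WriteFile":
            dropped.add(d)
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(detail):
            hits["Adds Run key to start application"].append(detail)
        elif api.startswith("RegQueryValueEx") and GEO_KEY.search(detail):
            hits["Checks computer location settings"].append(detail)
        elif api.startswith("CreateProcess"):
            path, _, rest = detail.partition(" ")
            flags = int(_field(rest, "flags") or "0", 16)
            pid = _field(rest, "pid")
            if path.lower() in dropped and path.lower().endswith(".exe"):
                hits["Executes dropped EXE"].append(path)
            if flags & CREATE_SUSPENDED:
                suspended[pid] = path
        elif api.startswith("LoadLibrary") and d in dropped:
            hits["Loads dropped DLL"].append(detail)
        elif api == "WriteProcessMemory":
            written.add(_field(detail, "pid"))
        elif api == "SetThreadContext":
            # Only suspicious as part of the hollowing pattern: a process this
            # sample created suspended, wrote into, and is now redirecting.
            pid = _field(detail, "pid")
            if pid in suspended and pid in written:
                hits["Suspicious use of SetThreadContext"].append(f"{suspended[pid]} pid={pid}")
    return dict(hits)


def techniques(hits):
    """Sorted ATT&CK IDs for the signatures that have a mapping in ATTACK."""
    return sorted({ATTACK[s] for s in hits if s in ATTACK})


if __name__ == "__main__":
    found = analyse(SAMPLE_TRACE)
    for name, evidence in found.items():
        print(f"{name}: {evidence}")
    print("ATT&CK:", techniques(found))
```

The SetThreadContext rule deliberately requires the full create-suspended, write, redirect sequence rather than firing on the API alone; debuggers and some legitimate runtimes call SetThreadContext too, and it is the combination that the report's "suspicious use" wording points at.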