fa9a25aabc6f04f477733304101bc5c0fb9f52a4f873f4152bb62611e01ef497 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa9a25aabc6f04f477733304101bc5c0fb9f52a4f873f4152bb62611e01ef497
Size

403KB
Sample

221127-z9p78aec3w
MD5

488b894db215a769112d6137122fa7b3
SHA1

a0457680f5dd5341bd58b2579456ce4b1249ede7
SHA256

fa9a25aabc6f04f477733304101bc5c0fb9f52a4f873f4152bb62611e01ef497
SHA512

dd6f13fafd6434944181faa0fe778d8208d3cf62e5c2073ee6c5c96fade1d3c17e75e5a9aaa937c546d1aa704c5a70a3e7773e2c4f8bdfa3ed2137c64f4cf9a5
SSDEEP

6144:rPEwiS2+fdX1yrNM9I5QpO64tpan0sxK0fEKIypQV5lr3:zXBpO6GCOXRwfTqVz

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  fa9a25aabc6f04f477733304101bc5c0fb9f52a4f873f4152bb62611e01ef497
- Size
  
  403KB
- MD5
  
  488b894db215a769112d6137122fa7b3
- SHA1
  
  a0457680f5dd5341bd58b2579456ce4b1249ede7
- SHA256
  
  fa9a25aabc6f04f477733304101bc5c0fb9f52a4f873f4152bb62611e01ef497
- SHA512
  
  dd6f13fafd6434944181faa0fe778d8208d3cf62e5c2073ee6c5c96fade1d3c17e75e5a9aaa937c546d1aa704c5a70a3e7773e2c4f8bdfa3ed2137c64f4cf9a5
- SSDEEP
  
  6144:rPEwiS2+fdX1yrNM9I5QpO64tpan0sxK0fEKIypQV5lr3:zXBpO6GCOXRwfTqVz
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2