bc2f5e6053c600b9554f98af9694ef8ab0b036a76a3ca8d433696d742242b7f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc2f5e6053c600b9554f98af9694ef8ab0b036a76a3ca8d433696d742242b7f7
Size

17.3MB
Sample

221128-be3ytsgg8v
MD5

ad0dc299dca4e8b0def8b802bb1e5574
SHA1

e50fd5463884b12fdfe555ac2d2c68738109ad52
SHA256

bc2f5e6053c600b9554f98af9694ef8ab0b036a76a3ca8d433696d742242b7f7
SHA512

d7a82aa17fdf8c950d0090028177d46c7422e8b2931814ec25ea6e798a4e142872ae22005d36c263764d609d180b5e2770cb1e25a803b732e35666f6713544d0
SSDEEP

393216:ShmNxkCNkNiAgNX8jijT1xaVkseqCGAS6TbHLlbjYApBN:XsyMj6T1xaKq/AZTbHNcALN

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  bc2f5e6053c600b9554f98af9694ef8ab0b036a76a3ca8d433696d742242b7f7
- Size
  
  17.3MB
- MD5
  
  ad0dc299dca4e8b0def8b802bb1e5574
- SHA1
  
  e50fd5463884b12fdfe555ac2d2c68738109ad52
- SHA256
  
  bc2f5e6053c600b9554f98af9694ef8ab0b036a76a3ca8d433696d742242b7f7
- SHA512
  
  d7a82aa17fdf8c950d0090028177d46c7422e8b2931814ec25ea6e798a4e142872ae22005d36c263764d609d180b5e2770cb1e25a803b732e35666f6713544d0
- SSDEEP
  
  393216:ShmNxkCNkNiAgNX8jijT1xaVkseqCGAS6TbHLlbjYApBN:XsyMj6T1xaKq/AZTbHNcALN
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2