97f6f977d52149fc1f2bcfa965df424fcab834d81107dc05e21515e2f1cd6d54 | Triage

Sharing

General

Target

97f6f977d52149fc1f2bcfa965df424fcab834d81107dc05e21515e2f1cd6d54
Size

196KB
Sample

221129-fhg8rabb4w
MD5

3e821556e1fa5dccaff93efd8471e185
SHA1

e0d9c604f8279adb79cbcd3489f2d6aef23fd498
SHA256

97f6f977d52149fc1f2bcfa965df424fcab834d81107dc05e21515e2f1cd6d54
SHA512

16f21eeadbb9f454f92c845120a10e8c1e7775e51330b42a998d52d1b42e2976e142ee03921401a0cc63c430ef90d42af9d3f4cf08e8c2cd678b1a06cfd265ce
SSDEEP

3072:VcQ/XXYK5+FLiKjnoUtjICsLgysqCO1e9n88gfZigOfYPAdu2:LHYK5+5Vkgyiye9nOxiBf2

Score

8^/10

Malware Config

Targets

- Target
  
  97f6f977d52149fc1f2bcfa965df424fcab834d81107dc05e21515e2f1cd6d54
- Size
  
  196KB
- MD5
  
  3e821556e1fa5dccaff93efd8471e185
- SHA1
  
  e0d9c604f8279adb79cbcd3489f2d6aef23fd498
- SHA256
  
  97f6f977d52149fc1f2bcfa965df424fcab834d81107dc05e21515e2f1cd6d54
- SHA512
  
  16f21eeadbb9f454f92c845120a10e8c1e7775e51330b42a998d52d1b42e2976e142ee03921401a0cc63c430ef90d42af9d3f4cf08e8c2cd678b1a06cfd265ce
- SSDEEP
  
  3072:VcQ/XXYK5+FLiKjnoUtjICsLgysqCO1e9n88gfZigOfYPAdu2:LHYK5+5Vkgyiye9nOxiBf2
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2