4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec | Triage

Sharing

General

Target

4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec
Size

846KB
Sample

221129-k778pahf7t
MD5

6edcedb37a7430c85e0899fe50da8d40
SHA1

dcf0296a6106294af96e5f914c173aa664d0fb96
SHA256

4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec
SHA512

b68c0531ac3cdb9bedafe235ff0fde2f14080a6d1038749fa4a75bf512e40fe016f5589f7bec751588f1d5616f1f2600ccc362a53aadf6d4f217cc928ca5f3c7
SSDEEP

6144:jPavkfCnpdseVsDL5jxgcYORITHGi2oBsj:jPaxpyeVsf5SczOp2oB2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec
- Size
  
  846KB
- MD5
  
  6edcedb37a7430c85e0899fe50da8d40
- SHA1
  
  dcf0296a6106294af96e5f914c173aa664d0fb96
- SHA256
  
  4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec
- SHA512
  
  b68c0531ac3cdb9bedafe235ff0fde2f14080a6d1038749fa4a75bf512e40fe016f5589f7bec751588f1d5616f1f2600ccc362a53aadf6d4f217cc928ca5f3c7
- SSDEEP
  
  6144:jPavkfCnpdseVsDL5jxgcYORITHGi2oBsj:jPaxpyeVsf5SczOp2oB2
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2