a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743 | Triage

Sharing

General

Target

a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743
Size

365KB
Sample

221129-nstcrshf2v
MD5

ee7d906ce2100fd7f0c7be70413b5494
SHA1

4f83ad1732f59f733d07d56b614963e0d38bed39
SHA256

a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743
SHA512

18ca5e7300ce177c86100aebcb64c858dbcc8c67c785823a28f66adcfd6549672529373a307e5effaa2be5102fd43a1061465a4d6d17a2c54bfc769e9cb90f1a
SSDEEP

6144:2Si07irC2F8NXC796TB9vj48UlL2XrzDcaTul3wMJInem5olCxjW:VDiZeVQkTrvj4sXrzDql16nBolX

Score

8^/10

Malware Config

Targets

- Target
  
  a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743
- Size
  
  365KB
- MD5
  
  ee7d906ce2100fd7f0c7be70413b5494
- SHA1
  
  4f83ad1732f59f733d07d56b614963e0d38bed39
- SHA256
  
  a6ddba48ab18463bf8c6db4b8c06fbbd1d9d6f659ce3cb0ce954bfede9f94743
- SHA512
  
  18ca5e7300ce177c86100aebcb64c858dbcc8c67c785823a28f66adcfd6549672529373a307e5effaa2be5102fd43a1061465a4d6d17a2c54bfc769e9cb90f1a
- SSDEEP
  
  6144:2Si07irC2F8NXC796TB9vj48UlL2XrzDcaTul3wMJInem5olCxjW:VDiZeVQkTrvj4sXrzDql16nBolX
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2