f2ab7b7a117fbd1776a302ff278ca011fcc2307d85108945b21a08d4984ffdd0 | Triage

Sharing

General

Target

f2ab7b7a117fbd1776a302ff278ca011fcc2307d85108945b21a08d4984ffdd0
Size

645KB
Sample

221129-vb469sga53
MD5

eddb82bbad579385c225abd94591b56f
SHA1

27a588a4770aa301546157a3afcd3abe8f8a5c61
SHA256

f2ab7b7a117fbd1776a302ff278ca011fcc2307d85108945b21a08d4984ffdd0
SHA512

ca23e237d3b9fb2ebe82b4451a254db8d89383eee3e30f348f96860ad0dea8a3c1d64bcd7ad7bc573c974b24c884dfbe33e541ac5c73ec677e69dbc6c4589a5b
SSDEEP

1536:3v+gWn0/aKcTnbrGUfiZN5CfIUQ6rvOgOZlk9I/+kcg3Fteso7oJ9uuaxsp9OiSG:TWuaKcTOMIcvgfRwkjMFNTS

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f2ab7b7a117fbd1776a302ff278ca011fcc2307d85108945b21a08d4984ffdd0
- Size
  
  645KB
- MD5
  
  eddb82bbad579385c225abd94591b56f
- SHA1
  
  27a588a4770aa301546157a3afcd3abe8f8a5c61
- SHA256
  
  f2ab7b7a117fbd1776a302ff278ca011fcc2307d85108945b21a08d4984ffdd0
- SHA512
  
  ca23e237d3b9fb2ebe82b4451a254db8d89383eee3e30f348f96860ad0dea8a3c1d64bcd7ad7bc573c974b24c884dfbe33e541ac5c73ec677e69dbc6c4589a5b
- SSDEEP
  
  1536:3v+gWn0/aKcTnbrGUfiZN5CfIUQ6rvOgOZlk9I/+kcg3Fteso7oJ9uuaxsp9OiSG:TWuaKcTOMIcvgfRwkjMFNTS
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2