a0d777aca98a1d194a1fe771ed0c119e38412b5370cc7a8782587d371b823c4b | Triage

Sharing

General

Target

a0d777aca98a1d194a1fe771ed0c119e38412b5370cc7a8782587d371b823c4b
Size

924KB
Sample

221201-akqp1sgg58
MD5

32773e7b7b63ed06db0f45388e860723
SHA1

f6dfd607be4e41deda9751294ff0095ce5094ce0
SHA256

a0d777aca98a1d194a1fe771ed0c119e38412b5370cc7a8782587d371b823c4b
SHA512

8f267776d0cf77704ca2110ca0f0b86b72d1e121ae9116ee6db4fb1b61338120be96bc1db6f21d1e99f5e562c65f9714ca6568bc46c1519b9f8f82c3cd229b32
SSDEEP

24576:x+xyXMK/7zMJ+NnzwlcRMlvHrzLePhyfKPHgJ:4STzMJ4wlnlTz6PhyfK4J

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a0d777aca98a1d194a1fe771ed0c119e38412b5370cc7a8782587d371b823c4b
- Size
  
  924KB
- MD5
  
  32773e7b7b63ed06db0f45388e860723
- SHA1
  
  f6dfd607be4e41deda9751294ff0095ce5094ce0
- SHA256
  
  a0d777aca98a1d194a1fe771ed0c119e38412b5370cc7a8782587d371b823c4b
- SHA512
  
  8f267776d0cf77704ca2110ca0f0b86b72d1e121ae9116ee6db4fb1b61338120be96bc1db6f21d1e99f5e562c65f9714ca6568bc46c1519b9f8f82c3cd229b32
- SSDEEP
  
  24576:x+xyXMK/7zMJ+NnzwlcRMlvHrzLePhyfKPHgJ:4STzMJ4wlnlTz6PhyfK4J
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2