ead919a27338fd4ba333432ded6c5e9a809b5a30e84a51f367a3e4a181b89265 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ead919a27338fd4ba333432ded6c5e9a809b5a30e84a51f367a3e4a181b89265
Size

87KB
Sample

221201-pbq2raeh76
MD5

b903eccccc4ca71152a35aa554bdaecc
SHA1

9a23aad295a80c4783212fc89f52f9d883d53695
SHA256

ead919a27338fd4ba333432ded6c5e9a809b5a30e84a51f367a3e4a181b89265
SHA512

31eb1f405bbb92c0070a898397d0df5820dfe57960c624245580ab06048a0d0ecbf596fe08ee51be0d1a9346a59c9d76c8179121d0628fce08ac0cf6c0701b47
SSDEEP

1536:vQLUbE4gc1Bm+nBKsC0RG+vt9aWn+Lq5Xet4akuRbNhCuckU+YI2/eD09w23emaS:NV31BmoBd9G+vLaWnreChuppcX+YN/eo

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ead919a27338fd4ba333432ded6c5e9a809b5a30e84a51f367a3e4a181b89265
- Size
  
  87KB
- MD5
  
  b903eccccc4ca71152a35aa554bdaecc
- SHA1
  
  9a23aad295a80c4783212fc89f52f9d883d53695
- SHA256
  
  ead919a27338fd4ba333432ded6c5e9a809b5a30e84a51f367a3e4a181b89265
- SHA512
  
  31eb1f405bbb92c0070a898397d0df5820dfe57960c624245580ab06048a0d0ecbf596fe08ee51be0d1a9346a59c9d76c8179121d0628fce08ac0cf6c0701b47
- SSDEEP
  
  1536:vQLUbE4gc1Bm+nBKsC0RG+vt9aWn+Lq5Xet4akuRbNhCuckU+YI2/eD09w23emaS:NV31BmoBd9G+vLaWnreChuppcX+YN/eo
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2