91f6a7b158b217a25870d770995b513fa545f19a979d6d1ea51392b4ae3e7f10 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

91f6a7b158b217a25870d770995b513fa545f19a979d6d1ea51392b4ae3e7f10
Size

940KB
Sample

221201-zq23nsag63
MD5

32759a0c05eb25dc58ff119f315fee08
SHA1

ad4efc66cbd4b4118e47d56db588a3b96090c921
SHA256

91f6a7b158b217a25870d770995b513fa545f19a979d6d1ea51392b4ae3e7f10
SHA512

2919bdc11ff8b8fb347267d5533732173ac01a1ab4ebb8e84da08a4ab02eab260a19c0c2b64b49945564b7d8eecca0ed1242286b7455b305ad436c9d841cdba4
SSDEEP

24576:2ZIJ8lG4fnKlN+V2xQ+IFVdkSMFwx7WB0RKgXu:SlG4fKlN+wxQVMitHRpu

Score

8^/10

Malware Config

Targets

- Target
  
  91f6a7b158b217a25870d770995b513fa545f19a979d6d1ea51392b4ae3e7f10
- Size
  
  940KB
- MD5
  
  32759a0c05eb25dc58ff119f315fee08
- SHA1
  
  ad4efc66cbd4b4118e47d56db588a3b96090c921
- SHA256
  
  91f6a7b158b217a25870d770995b513fa545f19a979d6d1ea51392b4ae3e7f10
- SHA512
  
  2919bdc11ff8b8fb347267d5533732173ac01a1ab4ebb8e84da08a4ab02eab260a19c0c2b64b49945564b7d8eecca0ed1242286b7455b305ad436c9d841cdba4
- SSDEEP
  
  24576:2ZIJ8lG4fnKlN+V2xQ+IFVdkSMFwx7WB0RKgXu:SlG4fKlN+wxQVMitHRpu
Score

8^/10
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2