b904e02b91486d5278de71da034ffa8a152637a5550d4f305fead4a08f5a45ea | Triage

Sharing

General

Target

b904e02b91486d5278de71da034ffa8a152637a5550d4f305fead4a08f5a45ea
Size

324KB
Sample

221203-at8l7acg8x
MD5

99d8f278db8fb66956fcdece32086820
SHA1

d092724c9a78bfdd920645fbf38c0dbf4367228a
SHA256

b904e02b91486d5278de71da034ffa8a152637a5550d4f305fead4a08f5a45ea
SHA512

0c468e76b61806b0ced2f3a2dc004069e9d80b95d417d2906fb12993c4e3fa14c523a22619e68081e83571a6b6af8ba7185843c78429a8f725f209d296a6cbf7
SSDEEP

6144:pXOQjKA5X+nCndnaLusR2MmFPMl7aHq344uGWr:RYAeCdnk/lmFUl7P444

Score

8^/10

Malware Config

Targets

- Target
  
  gg.exe
- Size
  
  143KB
- MD5
  
  92912013e8cec32359e838b677ccb28a
- SHA1
  
  e43c931717e588f90e05884dfc20163d10249d7a
- SHA256
  
  1e8d06e0c415d599e84dce8ca6bc05b6c488749e56fc03e348ea348c4883af2d
- SHA512
  
  b0b89aa5dcdb5d330a8aebcb820c804ee0395713769aee355f243deabeb744a3cc3eb35b434e7b43dcc1a2d72b84b6d07cbcbf5a4d8bc5bc71545ab6ce4099c6
- SSDEEP
  
  3072:GzNWMKKRZYchObK91C8sV6Xmoo4LEpYcH8p1Qui3k73GWr:GZuuObR8sVImcyYcoQuGWr
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  k.exe
- Size
  
  848KB
- MD5
  
  ba637568b6c01ce0eaaa14dd034622fd
- SHA1
  
  63528ce9ef8b8a645f7653ef2d1befdeab8320ca
- SHA256
  
  ecb7c800b85f488fcfec42c85f9d91b4942016214691c8d507c094d3dc778f7b
- SHA512
  
  1978198b7761d0ced646ad3b86fac726d3c5c26848e591b836c9e1d5f22c50896308c9493ba74c2294467a01c2b95bb2c173a15f497f1afeb679bea722c904d1
- SSDEEP
  
  6144:ppxFJObCU0uEzItyJGcIfVG3V0Sz8tndnTn8ZAj1kF5lyR:PFTZTMthccG3VV8tnxF5kF5lq
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4