a9c96b1703cb39684207a675bf3af295faed1f8d27eb51b312c9cb19b57cbc98 | Triage

Sharing

General

Target

a9c96b1703cb39684207a675bf3af295faed1f8d27eb51b312c9cb19b57cbc98
Size

1.1MB
Sample

221203-bjkm2seg9w
MD5

753beed5c8ef36a4f9974bb5ed154c2e
SHA1

b88685813f147997e9a39f7771bf4efb8bbbf257
SHA256

a9c96b1703cb39684207a675bf3af295faed1f8d27eb51b312c9cb19b57cbc98
SHA512

081a5dab5f68aa18d56451d2e3e3011dc89087dd450e4b6617443577658a0985e3e21fd597e015c5c5c6aeebf7a8e38c2a04d3dbf292f4b46ddc49ab42bedcca
SSDEEP

24576:JkjHSN59ngsR+PEIzzamL1472ex/Fbl2DPpoUX:JuinF+sIHlDI5YDqu

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  a9c96b1703cb39684207a675bf3af295faed1f8d27eb51b312c9cb19b57cbc98
- Size
  
  1.1MB
- MD5
  
  753beed5c8ef36a4f9974bb5ed154c2e
- SHA1
  
  b88685813f147997e9a39f7771bf4efb8bbbf257
- SHA256
  
  a9c96b1703cb39684207a675bf3af295faed1f8d27eb51b312c9cb19b57cbc98
- SHA512
  
  081a5dab5f68aa18d56451d2e3e3011dc89087dd450e4b6617443577658a0985e3e21fd597e015c5c5c6aeebf7a8e38c2a04d3dbf292f4b46ddc49ab42bedcca
- SSDEEP
  
  24576:JkjHSN59ngsR+PEIzzamL1472ex/Fbl2DPpoUX:JuinF+sIHlDI5YDqu
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2