d3dc1cdfb6b10548c3a98cd464e096b0e95bb95435ba136af59a8817c621562a | Triage

Sharing

General

Target

d3dc1cdfb6b10548c3a98cd464e096b0e95bb95435ba136af59a8817c621562a
Size

800KB
Sample

221203-xsqrbagb34
MD5

a19beccaa99b5adfe4f6039abbf36dba
SHA1

0fb646d41bf56ee322820490225daf63e7f45312
SHA256

d3dc1cdfb6b10548c3a98cd464e096b0e95bb95435ba136af59a8817c621562a
SHA512

85a0371837d4ea3aec8268bfd5b70ac8495d6c0a7441bb90cbdde798f8ccaf17188a95bad33025a71dc3781b735d5231dfb5a137045f2e9aef2098199fe24713
SSDEEP

12288:XBrKO9NogFi3DAr+OgD1bUMJ73gwWU+Dbwh1eDtFCO/dPDjZK:xrKKoIi31tJtJ73gwzhQSqdPp

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  d3dc1cdfb6b10548c3a98cd464e096b0e95bb95435ba136af59a8817c621562a
- Size
  
  800KB
- MD5
  
  a19beccaa99b5adfe4f6039abbf36dba
- SHA1
  
  0fb646d41bf56ee322820490225daf63e7f45312
- SHA256
  
  d3dc1cdfb6b10548c3a98cd464e096b0e95bb95435ba136af59a8817c621562a
- SHA512
  
  85a0371837d4ea3aec8268bfd5b70ac8495d6c0a7441bb90cbdde798f8ccaf17188a95bad33025a71dc3781b735d5231dfb5a137045f2e9aef2098199fe24713
- SSDEEP
  
  12288:XBrKO9NogFi3DAr+OgD1bUMJ73gwWU+Dbwh1eDtFCO/dPDjZK:xrKKoIi31tJtJ73gwzhQSqdPp
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2