e263637f69545eb16760bb0d6d99adb5ac2f3fe850598205232b18a349810cf2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e263637f69545eb16760bb0d6d99adb5ac2f3fe850598205232b18a349810cf2
Size

37KB
Sample

221203-yt144sfb5x
MD5

48419b372b44c529079094cdb53cb42d
SHA1

9f027a82c267ac8423ec489c5e7cd3ebfe1881ab
SHA256

e263637f69545eb16760bb0d6d99adb5ac2f3fe850598205232b18a349810cf2
SHA512

7acf16898aab3d095859ba4feb9bb1b080f5248fb0a631de2ce57c9a910f318feb1dc2434a56c32288149ecd5399653ed2678f3d463003ff56b012b6ccc5f538
SSDEEP

768:p5j7oznv4IC7TniNFq0p22IUgUO2CiiGhhxnKDAHsEI:fjcznvDjNF1pXmU7hnSMJI

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  e263637f69545eb16760bb0d6d99adb5ac2f3fe850598205232b18a349810cf2
- Size
  
  37KB
- MD5
  
  48419b372b44c529079094cdb53cb42d
- SHA1
  
  9f027a82c267ac8423ec489c5e7cd3ebfe1881ab
- SHA256
  
  e263637f69545eb16760bb0d6d99adb5ac2f3fe850598205232b18a349810cf2
- SHA512
  
  7acf16898aab3d095859ba4feb9bb1b080f5248fb0a631de2ce57c9a910f318feb1dc2434a56c32288149ecd5399653ed2678f3d463003ff56b012b6ccc5f538
- SSDEEP
  
  768:p5j7oznv4IC7TniNFq0p22IUgUO2CiiGhhxnKDAHsEI:fjcznvDjNF1pXmU7hnSMJI
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2