ae4db6398d75e10e214bea80f000ec1b196fad6e4a3b952d98b11c81b5c72837 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae4db6398d75e10e214bea80f000ec1b196fad6e4a3b952d98b11c81b5c72837
Size

554KB
Sample

221204-jt9zpaaf55
MD5

0bf6c569ff29022a6a24074d0502f846
SHA1

d28acef4e4e7e9e0d2a0d444ab6b09df25f64298
SHA256

ae4db6398d75e10e214bea80f000ec1b196fad6e4a3b952d98b11c81b5c72837
SHA512

1f4c388a9d8f81999a7d4f2a511d14d301d0b9f4d69111bb64fc95f5125c93e47183581d3117431d2e045eaca62f3c2f8e29633304527c69417c218ddb9179ef
SSDEEP

12288:kUrNPgJ/BgI4IFMdv8ZGiTuS9K+2xRE//OJghQDSId69OiTlR8S8C9rd5:kUrNPadGSG9t/E/GcYx69Oijz8C9j

Score

8^/10

Malware Config

Targets

- Target
  
  ae4db6398d75e10e214bea80f000ec1b196fad6e4a3b952d98b11c81b5c72837
- Size
  
  554KB
- MD5
  
  0bf6c569ff29022a6a24074d0502f846
- SHA1
  
  d28acef4e4e7e9e0d2a0d444ab6b09df25f64298
- SHA256
  
  ae4db6398d75e10e214bea80f000ec1b196fad6e4a3b952d98b11c81b5c72837
- SHA512
  
  1f4c388a9d8f81999a7d4f2a511d14d301d0b9f4d69111bb64fc95f5125c93e47183581d3117431d2e045eaca62f3c2f8e29633304527c69417c218ddb9179ef
- SSDEEP
  
  12288:kUrNPgJ/BgI4IFMdv8ZGiTuS9K+2xRE//OJghQDSId69OiTlR8S8C9rd5:kUrNPadGSG9t/E/GcYx69Oijz8C9j
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2