b512ff9ce20b6c35ae7a9a12301ebe2bce0e9a8a047cab25ab53049802e80c77 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b512ff9ce20b6c35ae7a9a12301ebe2bce0e9a8a047cab25ab53049802e80c77
Size

817KB
Sample

221204-jzm24sba65
MD5

4f43f0ce3a727545c8df3514ce82829a
SHA1

07692bbe910a3e7ec84eb3b910b0722494056075
SHA256

b512ff9ce20b6c35ae7a9a12301ebe2bce0e9a8a047cab25ab53049802e80c77
SHA512

6c1a24ef310afbec52bc8f8944c1bdf2d57990294a25a11112f078d0db665059db7c6a62c2f2a88bf252c69de03712972add99d3ef7d5bd2ccbee7e572c80b7e
SSDEEP

24576:ksb6ntfQ4QmXo4Z6CLNcOK+OqDXKoxqmZPwRs:Kqm45mNcOK+OqsmO2

Score

8^/10

Malware Config

Targets

- Target
  
  b512ff9ce20b6c35ae7a9a12301ebe2bce0e9a8a047cab25ab53049802e80c77
- Size
  
  817KB
- MD5
  
  4f43f0ce3a727545c8df3514ce82829a
- SHA1
  
  07692bbe910a3e7ec84eb3b910b0722494056075
- SHA256
  
  b512ff9ce20b6c35ae7a9a12301ebe2bce0e9a8a047cab25ab53049802e80c77
- SHA512
  
  6c1a24ef310afbec52bc8f8944c1bdf2d57990294a25a11112f078d0db665059db7c6a62c2f2a88bf252c69de03712972add99d3ef7d5bd2ccbee7e572c80b7e
- SSDEEP
  
  24576:ksb6ntfQ4QmXo4Z6CLNcOK+OqDXKoxqmZPwRs:Kqm45mNcOK+OqsmO2
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2