8fc537037970b6891bd1e5537ee192ab128fb2a95d7087758af6033d9c3e8de7 | Triage

Sharing

General

Target

8fc537037970b6891bd1e5537ee192ab128fb2a95d7087758af6033d9c3e8de7
Size

318KB
Sample

221204-pk5w9sch8y
MD5

61f84d66a5a17e167e13a201330e59ee
SHA1

0b926845df78fdf81b4b8374d92a317862f41f3d
SHA256

8fc537037970b6891bd1e5537ee192ab128fb2a95d7087758af6033d9c3e8de7
SHA512

d13aa2cd5ae16fdf260f8c5df14696ef20369fada5f95c73e49b92d245207da3b649b534f8d5358bd08c7aa282df4bb7fae00994ddc51af64ad654e66b9d9183
SSDEEP

6144:P5BogeiM5RyVZts3UfNKUqeMiZRKNgMLcbxKkajReYYl1rdVvxf6sh/////P:RzimeUljqvsRKNgDKk6RPYl1TvxZh//X

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8fc537037970b6891bd1e5537ee192ab128fb2a95d7087758af6033d9c3e8de7
- Size
  
  318KB
- MD5
  
  61f84d66a5a17e167e13a201330e59ee
- SHA1
  
  0b926845df78fdf81b4b8374d92a317862f41f3d
- SHA256
  
  8fc537037970b6891bd1e5537ee192ab128fb2a95d7087758af6033d9c3e8de7
- SHA512
  
  d13aa2cd5ae16fdf260f8c5df14696ef20369fada5f95c73e49b92d245207da3b649b534f8d5358bd08c7aa282df4bb7fae00994ddc51af64ad654e66b9d9183
- SSDEEP
  
  6144:P5BogeiM5RyVZts3UfNKUqeMiZRKNgMLcbxKkajReYYl1rdVvxf6sh/////P:RzimeUljqvsRKNgDKk6RPYl1TvxZh//X
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2