867c00cabc16c47046eceb613d6fc49cfe75698ad4f000d114c558f5260722ab | Triage

Sharing

General

Target

867c00cabc16c47046eceb613d6fc49cfe75698ad4f000d114c558f5260722ab
Size

544KB
Sample

221205-22d64ahh51
MD5

6fa77feaddddbd4f2a141337a56e6a60
SHA1

648cd353eeef00ebb2f8cd72fb54206799910bc4
SHA256

867c00cabc16c47046eceb613d6fc49cfe75698ad4f000d114c558f5260722ab
SHA512

664067108811e099d812197221081905afb6291e1a0469d82464950bc3621e8f1045ffe8f84922e19912da4bfca5366ee412173cff0ca71d2fd1664870f66aca
SSDEEP

3072:wuFAlQ80NH5ZVulAOL8OzsFxEgCBVa0edQOcJq99zgcRLQaA9waCuqQpa1Sp1VNd:bHNH5ZA8vIwQOb99zMdwI61gB4Q

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  867c00cabc16c47046eceb613d6fc49cfe75698ad4f000d114c558f5260722ab
- Size
  
  544KB
- MD5
  
  6fa77feaddddbd4f2a141337a56e6a60
- SHA1
  
  648cd353eeef00ebb2f8cd72fb54206799910bc4
- SHA256
  
  867c00cabc16c47046eceb613d6fc49cfe75698ad4f000d114c558f5260722ab
- SHA512
  
  664067108811e099d812197221081905afb6291e1a0469d82464950bc3621e8f1045ffe8f84922e19912da4bfca5366ee412173cff0ca71d2fd1664870f66aca
- SSDEEP
  
  3072:wuFAlQ80NH5ZVulAOL8OzsFxEgCBVa0edQOcJq99zgcRLQaA9waCuqQpa1Sp1VNd:bHNH5ZA8vIwQOb99zMdwI61gB4Q
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2