6e03528ce894656ff07e06cf3c0ee280fcd1a59b5f543f07cc2d23309554a477 | Triage

Sharing

General

Target

6e03528ce894656ff07e06cf3c0ee280fcd1a59b5f543f07cc2d23309554a477
Size

2.5MB
Sample

221205-q4a2nseg85
MD5

0ae7659bd7a8800b6ad15a3a81fcf9dd
SHA1

293f2f7646fbb5e185875801fc0e9b752605e6e3
SHA256

6e03528ce894656ff07e06cf3c0ee280fcd1a59b5f543f07cc2d23309554a477
SHA512

b89d97aef896ca484bf4f97921fc33aee6ddc3ed8965e345e6f89aabb935a9825f93cb5c1315d86a799d4c4bfd95d8a97aef22a2c7ed40361477e6eeb5fccaea
SSDEEP

49152:R/IX5nW5F74ptESnWBDSct9zNaPEcGfXTUEDjasY6DwOBfrnvV7UeWtdZ:R/AaF0dID+ifXTU0dYiwOBpIeWJ

Score

8^/10

Malware Config

Targets

- Target
  
  6e03528ce894656ff07e06cf3c0ee280fcd1a59b5f543f07cc2d23309554a477
- Size
  
  2.5MB
- MD5
  
  0ae7659bd7a8800b6ad15a3a81fcf9dd
- SHA1
  
  293f2f7646fbb5e185875801fc0e9b752605e6e3
- SHA256
  
  6e03528ce894656ff07e06cf3c0ee280fcd1a59b5f543f07cc2d23309554a477
- SHA512
  
  b89d97aef896ca484bf4f97921fc33aee6ddc3ed8965e345e6f89aabb935a9825f93cb5c1315d86a799d4c4bfd95d8a97aef22a2c7ed40361477e6eeb5fccaea
- SSDEEP
  
  49152:R/IX5nW5F74ptESnWBDSct9zNaPEcGfXTUEDjasY6DwOBfrnvV7UeWtdZ:R/AaF0dID+ifXTU0dYiwOBpIeWJ
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2