7ef4fc1d192596b419ba320338f34c129eba80fe81ef4bb0c94fc6beba30178b | Triage

Sharing

General

Target

7ef4fc1d192596b419ba320338f34c129eba80fe81ef4bb0c94fc6beba30178b
Size

241KB
Sample

221205-qlbv9agf5s
MD5

20cf4b44daab3b25c07271bafc38a260
SHA1

4fcca608189031fa654f3c34b5e54a51b37b5b07
SHA256

7ef4fc1d192596b419ba320338f34c129eba80fe81ef4bb0c94fc6beba30178b
SHA512

0234c1ca350a53cbb1565a3d8ae26c50fe40bd420f0bf4df33e334d1db95f639ed2323edd63f8a043be2da3c0afcd61b913249891fa77545eee333f009a400b3
SSDEEP

3072:uyAB22qDo7qkXT5J9dWZ8j2/drWfd0PXhphbLeSzBHdHI2hB6JXy4:8BphqkD5X4Z8IoyPjMS7HTy

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7ef4fc1d192596b419ba320338f34c129eba80fe81ef4bb0c94fc6beba30178b
- Size
  
  241KB
- MD5
  
  20cf4b44daab3b25c07271bafc38a260
- SHA1
  
  4fcca608189031fa654f3c34b5e54a51b37b5b07
- SHA256
  
  7ef4fc1d192596b419ba320338f34c129eba80fe81ef4bb0c94fc6beba30178b
- SHA512
  
  0234c1ca350a53cbb1565a3d8ae26c50fe40bd420f0bf4df33e334d1db95f639ed2323edd63f8a043be2da3c0afcd61b913249891fa77545eee333f009a400b3
- SSDEEP
  
  3072:uyAB22qDo7qkXT5J9dWZ8j2/drWfd0PXhphbLeSzBHdHI2hB6JXy4:8BphqkD5X4Z8IoyPjMS7HTy
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2