b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b
Size

40KB
Sample

221206-r3c1bafh64
MD5

7f1362d711d3d715955cbf7d267f8468
SHA1

91a9e7b972888de0e02d5d0d567774c47e81217d
SHA256

b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b
SHA512

81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714
SSDEEP

768:V6DI8CHd533yujgXDVrQE/fjCjDE3LOWw/PjZoVGKBa:8D0PSuUXJQFDbWw/rZoVGGa

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b
- Size
  
  40KB
- MD5
  
  7f1362d711d3d715955cbf7d267f8468
- SHA1
  
  91a9e7b972888de0e02d5d0d567774c47e81217d
- SHA256
  
  b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b
- SHA512
  
  81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714
- SSDEEP
  
  768:V6DI8CHd533yujgXDVrQE/fjCjDE3LOWw/PjZoVGKBa:8D0PSuUXJQFDbWw/rZoVGGa
Score

8^/10

persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2