General

  • Target: PrimeSetup_1234_FullVersion_Active.rar
  • Size: 12MB
  • Sample: 221220-q9wwbshg49
  • MD5: b5cb89dea0e05b183cf67db7556e1443
  • SHA1: 3eea38685441df24dd8b3eb26844133264541c7e
  • SHA256: d5c1c64135fad708c51d88ecc889a1b50404bfd3233f01a7b5f0d26b2c718b2e
  • SHA512: cb29a67bd1ef7dbe1f6a3ff497eec830a12da8c4a627f3cb9919a698db2a6fee00785f44d34e9404b52676377f006345b150407b87e44c9b3a65717e6d0edd66
  • SSDEEP: 196608:mRLI33Q+BiAXEkLmJbZmc6T6a6o8gPsSbMeu4kk/JJhcDJ+depxgXpkAyG8RcEuD:my3tBiiER1ZP6OQPJf/Gsh22EuJF

Score
7/10

Malware Config

Targets

    • Target: Setup.exe
    • Size: 837MB
    • MD5: bf6b5f2d76fb058e3e6a38cbdbdd22a5
    • SHA1: dfef116bd3994f05476040608d63fd8af19d09d7
    • SHA256: b2f86cda9f22b4adc43c5bb08dfc2625619ab487c5f172b35ce190ac6d8782a9
    • SHA512: c06b9dc975d707038efc2a88c45f629fa3944bc5b7ecf2d979e5f8db52e60b161f42e82de92c7ed80482acb90bac436eeda77407047efab943380de72d57e9f4
    • SSDEEP: 12288:PO5wC1Qx3/FeGLO9g4afrfYF3pVIyZZ8tfX9D6V01lpnOrsPgi:25wslGLacfYF8yEtftGY/Or+h

    Score
    7/10

    Signatures

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation