144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87 | Triage

Sharing

General

Target

144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
Size

785KB
Sample

230114-fejmeaaa78
MD5

16c2d163dc4befc51cb1f9fff79176c6
SHA1

5c4d146316f45afe7193d45ceea6be614f672e9f
SHA256

144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA512

3d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
SSDEEP

12288:oxk0NrbdBEh36KPSgUsHW3TkBzuEY8PBr38g1Y89+aWwmo3gb93Y1hksowuDZYky:ouscUWB7YOSggdwZwb9whksBuVjy

Score

8^/10

Malware Config

Targets

- Target
  
  144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
- Size
  
  785KB
- MD5
  
  16c2d163dc4befc51cb1f9fff79176c6
- SHA1
  
  5c4d146316f45afe7193d45ceea6be614f672e9f
- SHA256
  
  144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
- SHA512
  
  3d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
- SSDEEP
  
  12288:oxk0NrbdBEh36KPSgUsHW3TkBzuEY8PBr38g1Y89+aWwmo3gb93Y1hksowuDZYky:ouscUWB7YOSggdwZwb9whksBuVjy
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2