18c5a2b418c466198a812c3c1cf4d45e85b2db2acba84739d4ab4e299814caf5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18c5a2b418c466198a812c3c1cf4d45e85b2db2acba84739d4ab4e299814caf5
Size

858KB
Sample

230306-1h5n9sed51
MD5

6a6ec075b935a1811919079b6645e38f
SHA1

4ae2ce6c2dc07aa42aace408bd03afe85ccd913c
SHA256

18c5a2b418c466198a812c3c1cf4d45e85b2db2acba84739d4ab4e299814caf5
SHA512

bc960e588b2bb6f96f8ab2ab89134a7bb71bac2135945bb9d3c2a433c0cdca60412699faadddf0aea9b244eadacb04042330c46f6cc923e1c74ec050977871db
SSDEEP

24576:xHCtn9BoO/N+SQlQXDv1jclC3CNcqZRWOsICqvf5xGZ5ZG52e9O:2QK5cljc0RWT8vfHw5Q2e9

Score

7^/10

Malware Config

Targets

- Target
  
  18c5a2b418c466198a812c3c1cf4d45e85b2db2acba84739d4ab4e299814caf5
- Size
  
  858KB
- MD5
  
  6a6ec075b935a1811919079b6645e38f
- SHA1
  
  4ae2ce6c2dc07aa42aace408bd03afe85ccd913c
- SHA256
  
  18c5a2b418c466198a812c3c1cf4d45e85b2db2acba84739d4ab4e299814caf5
- SHA512
  
  bc960e588b2bb6f96f8ab2ab89134a7bb71bac2135945bb9d3c2a433c0cdca60412699faadddf0aea9b244eadacb04042330c46f6cc923e1c74ec050977871db
- SSDEEP
  
  24576:xHCtn9BoO/N+SQlQXDv1jclC3CNcqZRWOsICqvf5xGZ5ZG52e9O:2QK5cljc0RWT8vfHw5Q2e9
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2