46b6798990aefaedd162220d0593c6b22aa72fa3afc71ad4b12d6781793a9e06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46b6798990aefaedd162220d0593c6b22aa72fa3afc71ad4b12d6781793a9e06
Size

846KB
Sample

230306-dh66rshh5z
MD5

38108e43c7d71a48590efcefe16b1bd4
SHA1

da909791913776122d525a46de5b78e935e62d3f
SHA256

46b6798990aefaedd162220d0593c6b22aa72fa3afc71ad4b12d6781793a9e06
SHA512

fc73b301154d7b4e054bb30f9149af56da04d16fce3bd57ce7f88dd7ec4d4c04caf1c8ad4ea50f5eeda58a9a85ebd94c5519a62ddc53f2022a6881cd65b70640
SSDEEP

12288:K8CXIfnx1jABycx4tufgvhJUq9DTRcI9B8+EZAbVjsqrLx3dwYfGI4P/R:Jf7jU6QfeuqdTRcI9S+hbV4qp3mB

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  46b6798990aefaedd162220d0593c6b22aa72fa3afc71ad4b12d6781793a9e06
- Size
  
  846KB
- MD5
  
  38108e43c7d71a48590efcefe16b1bd4
- SHA1
  
  da909791913776122d525a46de5b78e935e62d3f
- SHA256
  
  46b6798990aefaedd162220d0593c6b22aa72fa3afc71ad4b12d6781793a9e06
- SHA512
  
  fc73b301154d7b4e054bb30f9149af56da04d16fce3bd57ce7f88dd7ec4d4c04caf1c8ad4ea50f5eeda58a9a85ebd94c5519a62ddc53f2022a6881cd65b70640
- SSDEEP
  
  12288:K8CXIfnx1jABycx4tufgvhJUq9DTRcI9B8+EZAbVjsqrLx3dwYfGI4P/R:Jf7jU6QfeuqdTRcI9S+hbV4qp3mB
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2