46987fc6035582afa54dcef228581793d45cc784ca9deabcf18a71f99ff56063 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

167.114.7.79_-_Comprovante.rar___e8e515c2580f840be1e98131108549d4.dat
Size

951KB
Sample

230314-tvf34sge32
MD5

e8e515c2580f840be1e98131108549d4
SHA1

7eb3467909c79f829de7ba9b4e6785459752bd2f
SHA256

46987fc6035582afa54dcef228581793d45cc784ca9deabcf18a71f99ff56063
SHA512

808647009119b20615ac02a71fe70cdd80178733df32cdd48e5f376cb9ae18f122e6aef851caf43164b91f1a6437af7ee0ff37a10b1424dba5f59fa3158cc9a7
SSDEEP

24576:WBk7dpEXtbHpCJZXRDSufF1KhdGmmkCA/yPzZGdYy8koUEJqqx:WCibHpCZGcnkmkn/kzZGRkUEq6

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Comprovante.jpg.scr.exe
- Size
  
  1.2MB
- MD5
  
  111196ca1065a3ac7eb51f4b2b5c0468
- SHA1
  
  5f5606bee5e357e5d411f186a384cbb17b59327d
- SHA256
  
  2cf24cbc023a894f06971c8ee05d739032b3247ab43380de5dab7d46d9cdf686
- SHA512
  
  ad30d281d32fa08a2a59ac23802ee9af9002b9e7d5fe1f95f53bfb3a2ae69ab12db7586fbacf48bf57df80a24811034811e9f0cf11e2f43d6f3c6be9ba04c7e7
- SSDEEP
  
  24576:W9ibDiDIZUyPyzSsLO9yJiFfbVn99rYqGYFbcPHcaV8C0nSaOlsMVEVTIU:W9ibDiDqWzSsLFitbVvs2FAflqVnmhaN
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2