1e3331924ca4bfc5815258f67b88b096e83836127bd2b808694a87bfd38dd441 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

696cc5675e5739ea80ef220253226fee.bin
Size

958KB
Sample

230401-bx1w7agd5w
MD5

a2eb7c816466e1be044e0a4d73502976
SHA1

08257d0f179f7f1d77569671a5287589d9220390
SHA256

1e3331924ca4bfc5815258f67b88b096e83836127bd2b808694a87bfd38dd441
SHA512

e85f479e15ad281b9dad1fa6ef3880eebd55c8c156461307faf7d1712033b39c90ebc813bf4758b38b0d54fdf5e2e92ab415d8e74c9f0b1345d3950eaebd87b5
SSDEEP

24576:Pb9wG/xLqOzPRVc+M6mMAwmqtqIxmWUS6IfiPxpqtUx:Pb6G/Rqm8wRsIX63ZI6

Score

7^/10

Malware Config

Targets

- Target
  
  Purchase Order Specifications for March-2023 update.pdf (253K).exe
- Size
  
  1.2MB
- MD5
  
  525b29804499f54683326bd36d358a40
- SHA1
  
  11c93e550822f2e4e8ca5366e1f2d270d4785ea7
- SHA256
  
  4fc50d17362e6ed4e53b082e4d01ad286eb2caca5113ae09e48eca48889b36fb
- SHA512
  
  0b2dcbb290799c183ba07bdab0fb29f99c6621397a00ee7b76c9c12e45d4df0fca3c4d81dcea270496e185abeb9fbaf0ef7c62ebc284d356e0a39683d95f6d3c
- SSDEEP
  
  24576:ZmsNORPPda72PV1sjlty/+gpd9O2hyyL7imXSQ:ZmnRPhD3bf9O2h9T
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2