0b7841ea5b8040d0a636dfb94f374666baec80ee31307dc156c947b287d8f1cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

po1261Template of Invoice packing list3-2.exe
Size

812KB
Sample

230616-vtn8rsfh87
MD5

2116c6988adf5127efda7c5b983d163f
SHA1

8e5e2b6aefed9bb6d90f185feea18cd962ce5049
SHA256

0b7841ea5b8040d0a636dfb94f374666baec80ee31307dc156c947b287d8f1cc
SHA512

41adf03b6d6b5dc5cb97d6c26ead593e251830dad6219fe0b31b1b409be97595bc7a3f9fcd2a961152476af0b95214744b067a2590e19cfeac863887dd114d8e
SSDEEP

12288:klKnuTEXqXdVEzLHHYsoRuEyfW5rcfr0iVyoF1o/YPZqEJzIHDnaK:xq4qXdVUeRDr8r0VoTMYsR7aK

Score

7^/10

Malware Config

Targets

- Target
  
  po1261Template of Invoice packing list3-2.exe
- Size
  
  812KB
- MD5
  
  2116c6988adf5127efda7c5b983d163f
- SHA1
  
  8e5e2b6aefed9bb6d90f185feea18cd962ce5049
- SHA256
  
  0b7841ea5b8040d0a636dfb94f374666baec80ee31307dc156c947b287d8f1cc
- SHA512
  
  41adf03b6d6b5dc5cb97d6c26ead593e251830dad6219fe0b31b1b409be97595bc7a3f9fcd2a961152476af0b95214744b067a2590e19cfeac863887dd114d8e
- SSDEEP
  
  12288:klKnuTEXqXdVEzLHHYsoRuEyfW5rcfr0iVyoF1o/YPZqEJzIHDnaK:xq4qXdVUeRDr8r0VoTMYsR7aK
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2