05a04c8fd5c6e3bf56ed628e020b36e8381bab3244114335fa9b978e78e62fdc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RFQ # 1045981 - MAA_D Plant Project r01.rar
Size

241KB
Sample

230629-pnbsladg9z
MD5

3a954da76c4dc1d98ab922bdd6ae9ba3
SHA1

960eb082c87bd988eddd35925e86c6e4ef9f94b2
SHA256

05a04c8fd5c6e3bf56ed628e020b36e8381bab3244114335fa9b978e78e62fdc
SHA512

c68c54857ce4ae44bc9266ded6ee9be36304600aa9447e8405bd3bc0bd38e8acd68eb198f5893462575e8aa9a1d7f2f5f0fba86b64e796d3fa2ef2aae04ebca7
SSDEEP

3072:yU9/5cEcbqoy+JbtTeLKy9fww21EWsYKng+bx9wxErHcmjnmDAI/Wpde0hJQqLie:yU9RQbyUbGKQp21Enga92Er9nmxgJQw

Score

7^/10

Malware Config

Targets

- Target
  
  RFQ # 1045981 - MAA_D Plant Project r01.exe
- Size
  
  256KB
- MD5
  
  3075d77e2950791830b12aef7c1832ec
- SHA1
  
  85c5ff9f0e5b397949db5e7d9ab4abed1fb91f7e
- SHA256
  
  61c6ffbcd2c7c685bf8e3f6181f28c0e5ffb915a382b5c5848ef71e13042b41d
- SHA512
  
  9b0f3a9764118c8479d9f23e67d5c6679dbc6706f4f6528f5410a2f2fb06ac911c772b7499dbd044294f4d75d4a2bc685fbb3cf19cd131a961dcaa8508b6bdf5
- SSDEEP
  
  6144:/Ya6KmdnjukKVzbaVslIRiQrg0szjr83UA3RV:/YcHvqVk8zr5ivODRV
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2