5a65fc8087d39879abd9c17bbb3581a3d8e57595cc2fff526743aa95e660a59d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KIEFEL Packaging GmbH Purchase Order.exe
Size

256KB
Sample

230704-gv9n7sbc58
MD5

cfae6fe1ecccc5a4707ca3a12dbf880f
SHA1

669b2f2923070af128a67081deb703d9154588cc
SHA256

5a65fc8087d39879abd9c17bbb3581a3d8e57595cc2fff526743aa95e660a59d
SHA512

d86289ef4f67644f46f8d7c8a3c2fc4b8d40851d609e44e30822a45c5ce0de5e1d45584553815a93f0a2157cf5a8febc7c71e72b0e77113ee40ddd41e1d2165c
SSDEEP

6144:vYa6rh8b1Cs1XkCKkRzaNmmpLPRf2VeGE7KHz:vYBhC1XkLk90mmtWeBKHz

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  KIEFEL Packaging GmbH Purchase Order.exe
- Size
  
  256KB
- MD5
  
  cfae6fe1ecccc5a4707ca3a12dbf880f
- SHA1
  
  669b2f2923070af128a67081deb703d9154588cc
- SHA256
  
  5a65fc8087d39879abd9c17bbb3581a3d8e57595cc2fff526743aa95e660a59d
- SHA512
  
  d86289ef4f67644f46f8d7c8a3c2fc4b8d40851d609e44e30822a45c5ce0de5e1d45584553815a93f0a2157cf5a8febc7c71e72b0e77113ee40ddd41e1d2165c
- SSDEEP
  
  6144:vYa6rh8b1Cs1XkCKkRzaNmmpLPRf2VeGE7KHz:vYBhC1XkLk90mmtWeBKHz
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2