97d82ef629cc257cd211526fff0f49793539ae95b72071d38c13721e603ae98e | Triage

Sharing

General

Target

Invoice.rar
Size

274KB
Sample

230712-hwhgsacc85
MD5

26a36c778e54aaa3dc01f256eb328fd1
SHA1

41b5bdd35cf1798de086c564601b7c9d58f80034
SHA256

97d82ef629cc257cd211526fff0f49793539ae95b72071d38c13721e603ae98e
SHA512

cecf0d0280d235942bbebc3eb955d3a4c0317e7640ceda2944b2858aec8013cea6442dc817355c0904d5ace67256e9855e2bdece84477cc21f41591a6f321d8b
SSDEEP

6144:hT1zajXm4SSi1UFJ2mQmFDqdt92avvyIejNCgOeZ:hTFajXmB31G2mnDqdtzvA0eZ

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Invoice.exe
- Size
  
  290KB
- MD5
  
  251059be9d81ed9e5dcef07d3da50410
- SHA1
  
  7d7c53f24a2996b2be19a6be740a3ff27bc0bfcb
- SHA256
  
  a18c3de560cfe832821c01661931953efe47d1506955f779ce2760550a1a63c8
- SHA512
  
  3dbd5c3aaea44cb381129a4d9395028b2b29a3d8d7b2ce4bff481c1a12bfea63d8f80b4fa8e2b47edce7d37f1b6093ba297a783370fc149429dc2eee66d83779
- SSDEEP
  
  6144:/Ya6nBlQZtNfvjoaXOz+e5hljyV1DM6O2MxO5G0l7S8CYmMw4mli/mN:/YdjstNTOSeAK6O2Mx+G0FS8CZ/4kWK
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2