8156a74cd9e26453005644482aeca45d281df015ea27ea0c310efb1d4511306e | Triage

Sharing

General

Target

PO#YATCH-INT'L.exe
Size

375KB
Sample

230921-gyrb2adg8t
MD5

fe6dcea80d6c99593169d20419f666d2
SHA1

5f5ab5e667f08d89861b55fbfd53fb91ef1e8070
SHA256

8156a74cd9e26453005644482aeca45d281df015ea27ea0c310efb1d4511306e
SHA512

02fafa1803d07cf0529541f4ae0f4088df4aa5388cbd689b834f818ea8a210836ccb4714cfac9e2898e9dede936b961f83911c14b4c2a937bc6ac639451059d1
SSDEEP

6144:9Ya6i8HbqWwHgQWDUcwX+l408OPuxAH9A6r5RJ7L5ezWsQ5APE6Dr/IhxMzSDZrL:9YY8HOWwHgzwml4NO8mA69X7LQWJG8/3

Score

7^/10

Malware Config

Targets

- Target
  
  PO#YATCH-INT'L.exe
- Size
  
  375KB
- MD5
  
  fe6dcea80d6c99593169d20419f666d2
- SHA1
  
  5f5ab5e667f08d89861b55fbfd53fb91ef1e8070
- SHA256
  
  8156a74cd9e26453005644482aeca45d281df015ea27ea0c310efb1d4511306e
- SHA512
  
  02fafa1803d07cf0529541f4ae0f4088df4aa5388cbd689b834f818ea8a210836ccb4714cfac9e2898e9dede936b961f83911c14b4c2a937bc6ac639451059d1
- SSDEEP
  
  6144:9Ya6i8HbqWwHgQWDUcwX+l408OPuxAH9A6r5RJ7L5ezWsQ5APE6Dr/IhxMzSDZrL:9YY8HOWwHgzwml4NO8mA69X7LQWJG8/3
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2