20a473e2aa8f18dc3940955a38fca66e5911a0a24e776f47bdcd2c66183b2d4e | Triage

Sharing

General

Target

20a473e2aa8f18dc3940955a38fca66e5911a0a24e776f47bdcd2c66183b2d4e
Size

614KB
Sample

231012-tqwm1adb37
MD5

e40e4dbbd769b73a8c4848e39e683cd5
SHA1

9796af7a0d9dcc992b15471036c18f5ebce92a57
SHA256

20a473e2aa8f18dc3940955a38fca66e5911a0a24e776f47bdcd2c66183b2d4e
SHA512

a96831b4e6d9f9d68ff639fd383a08fe15cf4f2543c53411e708694544aa43f4da7beb90ad43b1072013d569afb8760d46f23711ad43aba2465d7f543ad10eb2
SSDEEP

12288:aFDuVDFGpWYHSUgOnsj+gnZxAt+4Jf463Uvvjigh1Cf:6ADFGpWYHSUgOe5nLkCv+OQf

Score

7^/10

Malware Config

Targets

- Target
  
  Invoice Statement 180923.exe
- Size
  
  697KB
- MD5
  
  6b5329a982afd72cb3af805a4bd8750d
- SHA1
  
  75eadea84fe95d8595e6c5a1dcbaf4febc4643db
- SHA256
  
  48a7f19ab15464b4b940df2d979c2ce407238f9fe422b39fee341daad7657f41
- SHA512
  
  9d5bc91fff60b71b550305fa3d29d145e898c946fdf3f26f78a6c3ac080567871f4dc1c51a2effbc0ba54580878755d4c37da8784ec061709b1313699c4e9eaf
- SSDEEP
  
  12288:EAfDuHOXRjZBVdHHMzvSKWYHSU0Oxsj2gIEGAt++Jf4WX4KnznQdI9hG+I2cXj9i:EgrjZBV1HMDSKWYHSU0OshxGWX4KzkIP
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2