67222bd90963f902c0c643a0e7bcc6f64d5fa4bc203bed774981c03f91168c31 | Triage

Sharing

General

Target

TCP99001110809.xlsx.exe
Size

871KB
Sample

231023-mq5gkshh64
MD5

d8784f1741f6b23b4d54cd3491c6a647
SHA1

8ff2a147857e62a852abaaf646f78415faabd768
SHA256

67222bd90963f902c0c643a0e7bcc6f64d5fa4bc203bed774981c03f91168c31
SHA512

495d0f0d6169a81b01fdf9a22d4b59ee373aa2909a4b6d5dc481d26d0447fab45a3aec00f03053c71e926f63a200be9d485af50cd86a3d375334a75f3be22b1d
SSDEEP

12288:d1PDog+IKBUb0M9uoG6x3b8CrP+K7joANj4rIL4DXNa+TMdWlqTj118:8IgMMobx3b8S1HVNMrdXxTCTj0

Score

7^/10

Malware Config

Targets

- Target
  
  TCP99001110809.xlsx.exe
- Size
  
  871KB
- MD5
  
  d8784f1741f6b23b4d54cd3491c6a647
- SHA1
  
  8ff2a147857e62a852abaaf646f78415faabd768
- SHA256
  
  67222bd90963f902c0c643a0e7bcc6f64d5fa4bc203bed774981c03f91168c31
- SHA512
  
  495d0f0d6169a81b01fdf9a22d4b59ee373aa2909a4b6d5dc481d26d0447fab45a3aec00f03053c71e926f63a200be9d485af50cd86a3d375334a75f3be22b1d
- SSDEEP
  
  12288:d1PDog+IKBUb0M9uoG6x3b8CrP+K7joANj4rIL4DXNa+TMdWlqTj118:8IgMMobx3b8S1HVNMrdXxTCTj0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2