6ddc55d0c2fcb23ab8ea69907c07ac6cc7ac956b8568e953a0a30826f2d6772e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ddc55d0c2fcb23ab8ea69907c07ac6cc7ac956b8568e953a0a30826f2d6772e
Size

505KB
Sample

231106-1hywqaha67
MD5

b9e490e3877740d8e29a89f96752b733
SHA1

904447791512ee7b51285ef19ea33268e202718d
SHA256

6ddc55d0c2fcb23ab8ea69907c07ac6cc7ac956b8568e953a0a30826f2d6772e
SHA512

73d1be35ba18e3c455bfb48500f7826a5544399a9a25a01562ba016902f5bafd38c143d110876175562018ed96b52bff2065ca72943524aed0dddbd595f5bf82
SSDEEP

12288:8UxJUM61FKwFAYFvd23nzAIxtcSQXA5aIYrBcmpx/TT:3jWij4vdWzPt1L5aZcqf

Score

7^/10

Malware Config

Targets

- Target
  
  Rzxyzi.exe
- Size
  
  596KB
- MD5
  
  98e8fac2a87046bb10d4f410e44efb13
- SHA1
  
  8e7ceb472212015f0df84dc89a040c1a070db4e4
- SHA256
  
  1ea3d4e78cb38be89f6eef332184b37a9473d1085b266a17f346f6a913936fbe
- SHA512
  
  73da373d86811318583fb6e7a2aa5444e51454208712cd62924c6349c6dc8b8f5de025a9d85fb744dcd3d88160353781e490e963ea55e04f82d55eb2a8f8947c
- SSDEEP
  
  12288:478/uNVjJOEA1F2wFMYFZdg/nzAkx5cSkXCvUMErBcUpbtJF:88KF0+54Zd2zH51xvUNc4F
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2