efa68a1d46d22e8d61394a1905e8c539cb909805d4128355093111d7f22acf27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e6386e5dc052759bf904ff4320b38a8
Size

7.9MB
Sample

231219-m11ldaacg3
MD5

0e6386e5dc052759bf904ff4320b38a8
SHA1

0e9c47ef6fcb8193ab610edef7b3bd3532a432f9
SHA256

efa68a1d46d22e8d61394a1905e8c539cb909805d4128355093111d7f22acf27
SHA512

df2a0c8046cc3075f220501ce99b997c624090c2e63ac48f329361cdd59493933f2e2288a8f7d9befec96afc195a48c0d3ea8fbf5c5df24add93331635ca9431
SSDEEP

196608:0Oazg7DS8Oazg7DS8Oazg7DS8Oazg7DSv:sg7uEg7uEg7uEg7uv

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0e6386e5dc052759bf904ff4320b38a8
- Size
  
  7.9MB
- MD5
  
  0e6386e5dc052759bf904ff4320b38a8
- SHA1
  
  0e9c47ef6fcb8193ab610edef7b3bd3532a432f9
- SHA256
  
  efa68a1d46d22e8d61394a1905e8c539cb909805d4128355093111d7f22acf27
- SHA512
  
  df2a0c8046cc3075f220501ce99b997c624090c2e63ac48f329361cdd59493933f2e2288a8f7d9befec96afc195a48c0d3ea8fbf5c5df24add93331635ca9431
- SSDEEP
  
  196608:0Oazg7DS8Oazg7DS8Oazg7DS8Oazg7DSv:sg7uEg7uEg7uEg7uv
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2