4b747f699cdab219152094dd541ebcb6da7e47bbcc8fb33b226b0013d4c7d7f2 | Triage

Sharing

General

Target

be62854618491cb4fe30b2299102bb1b
Size

1.7MB
Sample

231222-rm6bxshcbj
MD5

be62854618491cb4fe30b2299102bb1b
SHA1

9eefa9228fef11bd0ee3d064f06ab3a91667edcd
SHA256

4b747f699cdab219152094dd541ebcb6da7e47bbcc8fb33b226b0013d4c7d7f2
SHA512

6088d33d9871ee8c1e8d01f18466ca86a21cf89d892dc6f5d07a5dc0eea2dafc570a86352c0b151fd22e471d2f38ccfacca832e40228f2d1f7d3b9e5afb67cb7
SSDEEP

24576:uf1H2XHc6gL75XqyHlXv0L5U+u2C8ZfVLgBdJbREOzdwIgcy9ldmLdGxnPKLnMxp:ufkclLdfKZfByRdsirDc

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  be62854618491cb4fe30b2299102bb1b
- Size
  
  1.7MB
- MD5
  
  be62854618491cb4fe30b2299102bb1b
- SHA1
  
  9eefa9228fef11bd0ee3d064f06ab3a91667edcd
- SHA256
  
  4b747f699cdab219152094dd541ebcb6da7e47bbcc8fb33b226b0013d4c7d7f2
- SHA512
  
  6088d33d9871ee8c1e8d01f18466ca86a21cf89d892dc6f5d07a5dc0eea2dafc570a86352c0b151fd22e471d2f38ccfacca832e40228f2d1f7d3b9e5afb67cb7
- SSDEEP
  
  24576:uf1H2XHc6gL75XqyHlXv0L5U+u2C8ZfVLgBdJbREOzdwIgcy9ldmLdGxnPKLnMxp:ufkclLdfKZfByRdsirDc
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2