44e6496622a32cf8b38caad776fd12c8698a5082caa1d5868e21386777d91646 | Triage

Sharing

General

Target

0470bc9b6883cab32f8e20ea352ed02d
Size

2.4MB
Sample

231224-ta64sshhd2
MD5

0470bc9b6883cab32f8e20ea352ed02d
SHA1

cd8eb96e56e852c1cb420b401a2c8c488aac8543
SHA256

44e6496622a32cf8b38caad776fd12c8698a5082caa1d5868e21386777d91646
SHA512

f1021aa68fd9d390514c16be897a4e442637f3cb62c6b7f553dd45b787ee1c2d963ed99d8e726d6650c509c5b6747fe17a806595a9889e94ea1b0b3e840ce0ca
SSDEEP

49152:GJaSVA+AsBXue0dMpOBFOEhQf5Uv+dqPS7LxNPiVM2xqU17/bJEbEIwFYdAs/:2bVA+AsBXwep6OEhQxU2dgm3iM2xqUxm

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  Photo01 By ‮‮‮‮gpj.SCR
- Size
  
  547KB
- MD5
  
  dc5e556beac206f025de1c9f92d2e39b
- SHA1
  
  c0820fed333a9bb3c800950e5d3f46b0ade731e0
- SHA256
  
  560e31e0a9b21391f252a3096e2e0e495eb7c33a7548de1d71dea1a334536aee
- SHA512
  
  4f34c33157fa78e7d068480962ad30116673a62fff7591b95d245e3cdc56e218cb6c8cc63ad1930d555a033ce810ba929c9040ebcc7df61099f673fbb8e6b621
- SSDEEP
  
  12288:oXTxe8fUp6qreT2A+FY0u7qMg+RIGjFGKOyeRJatK:xpVLqg+KW5b3tK
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2