5b1a748fd59c47f872ed89cf33d3c55b61939d1686396458b5cec7a97351255f | Triage

Sharing

General

Target

0e88d215c560501b6a4ba041c0d54635
Size

118KB
Sample

231230-e48r6afhe7
MD5

0e88d215c560501b6a4ba041c0d54635
SHA1

95a45dd007e93df49fbb91222476160f526ee12a
SHA256

5b1a748fd59c47f872ed89cf33d3c55b61939d1686396458b5cec7a97351255f
SHA512

c12471436dd95c894eaf26ce2a943929376c6a5e4ecc75016d3b029bfbc519aec1d1ccf545a205d9a0ea445fa6ccff3ad0b7f0508da557efa182cde6a8d811ea
SSDEEP

3072:7ni7SKGEBa+LTcXuDENCtpFqYaG9w0Hi:Li71GhacXuDyCXFqTG90

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  0e88d215c560501b6a4ba041c0d54635
- Size
  
  118KB
- MD5
  
  0e88d215c560501b6a4ba041c0d54635
- SHA1
  
  95a45dd007e93df49fbb91222476160f526ee12a
- SHA256
  
  5b1a748fd59c47f872ed89cf33d3c55b61939d1686396458b5cec7a97351255f
- SHA512
  
  c12471436dd95c894eaf26ce2a943929376c6a5e4ecc75016d3b029bfbc519aec1d1ccf545a205d9a0ea445fa6ccff3ad0b7f0508da557efa182cde6a8d811ea
- SSDEEP
  
  3072:7ni7SKGEBa+LTcXuDENCtpFqYaG9w0Hi:Li71GhacXuDyCXFqTG90
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2