eeec673d4866e9740fbeb3c99c78fd59b5ebc8bb362ca2c99ef812d59a8a6b3d | Triage

Sharing

General

Target

78ae5e31c4cd12ab7a1583b6278a46d1
Size

228KB
Sample

240126-3jf4eageg7
MD5

78ae5e31c4cd12ab7a1583b6278a46d1
SHA1

4e7bf577843157423bacd6513c449a8c00f114bc
SHA256

eeec673d4866e9740fbeb3c99c78fd59b5ebc8bb362ca2c99ef812d59a8a6b3d
SHA512

a7dc9a247819d2e9195ada25e31770bc93f4d975e1fb489c44884da4d3611a5ee7859157650f365bcf6dfdf0ab20105f58f4ba4dafe8b682ace50c4b04646363
SSDEEP

3072:JeU7WML3qnfm3j5eoavzi07cT2AczBcwt4dIusitmVgtAcPFCa/AOMXbM7PLFLAB:JeROz+X5ymVpgFCDb6d

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  78ae5e31c4cd12ab7a1583b6278a46d1
- Size
  
  228KB
- MD5
  
  78ae5e31c4cd12ab7a1583b6278a46d1
- SHA1
  
  4e7bf577843157423bacd6513c449a8c00f114bc
- SHA256
  
  eeec673d4866e9740fbeb3c99c78fd59b5ebc8bb362ca2c99ef812d59a8a6b3d
- SHA512
  
  a7dc9a247819d2e9195ada25e31770bc93f4d975e1fb489c44884da4d3611a5ee7859157650f365bcf6dfdf0ab20105f58f4ba4dafe8b682ace50c4b04646363
- SSDEEP
  
  3072:JeU7WML3qnfm3j5eoavzi07cT2AczBcwt4dIusitmVgtAcPFCa/AOMXbM7PLFLAB:JeROz+X5ymVpgFCDb6d
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2