dfef81de68b9aaf054df713c596c3902f3f92156d7cf041f903188b32a35e4a9 | Triage

Sharing

General

Target

PAGO22_0.EXE.exe
Size

613KB
Sample

240221-b5tg3shg75
MD5

0acff2d04f191a3ca73e513e5b7c0da0
SHA1

1bb0969f481f503e8650b749e564fde5ee75b74f
SHA256

dfef81de68b9aaf054df713c596c3902f3f92156d7cf041f903188b32a35e4a9
SHA512

4825bba9c3214ad4aa45bc6643577d5a48a70ff7961f740c8bbfe61cce086a0d9e02a2408fb607b7999b8703c6c63905f8f425f3d54195d23ac00524ac12d9fd
SSDEEP

12288:NcrNS33L10QdrXjcDnVgLIsXIlqEZNFpvYR3dHhndvPSwMw2a:wNA3R5drXoDVg4pRYRNHhnRSwga

Score

7^/10

Malware Config

Targets

- Target
  
  PAGO22_0.EXE.exe
- Size
  
  613KB
- MD5
  
  0acff2d04f191a3ca73e513e5b7c0da0
- SHA1
  
  1bb0969f481f503e8650b749e564fde5ee75b74f
- SHA256
  
  dfef81de68b9aaf054df713c596c3902f3f92156d7cf041f903188b32a35e4a9
- SHA512
  
  4825bba9c3214ad4aa45bc6643577d5a48a70ff7961f740c8bbfe61cce086a0d9e02a2408fb607b7999b8703c6c63905f8f425f3d54195d23ac00524ac12d9fd
- SSDEEP
  
  12288:NcrNS33L10QdrXjcDnVgLIsXIlqEZNFpvYR3dHhndvPSwMw2a:wNA3R5drXoDVg4pRYRNHhnRSwga
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2