efee38133480e7ccaa11424d49bb3d8ebdb89ffb1d81a10f6c405337e7d3a737 | Triage

Sharing

General

Target

tmp
Size

2.9MB
Sample

240305-1lanasbb86
MD5

8340b7602e82921aa8d72ae4f8ea11cc
SHA1

a49524d26639130bc09acb4a0187917fbc5ec003
SHA256

efee38133480e7ccaa11424d49bb3d8ebdb89ffb1d81a10f6c405337e7d3a737
SHA512

eab92e881f24d6fdcb061540c3ee96f4d4fa9e26a7ef1ea82743ebca3e64821f94467cc65a2c3e83ee4c9091cc4e714e938b9f583c3dc9f88938555322e04f10
SSDEEP

49152:qy540hQLZ04Zv0lP/x3CTa5i1UXMYKGQylk7lQkqfxcTSI9PVVb99JjGn:qy5406+4UP/xCTa+YKGQyWlQBZcTSIpm

Score

8^/10

Malware Config

Targets

- Target
  
  tmp
- Size
  
  2.9MB
- MD5
  
  8340b7602e82921aa8d72ae4f8ea11cc
- SHA1
  
  a49524d26639130bc09acb4a0187917fbc5ec003
- SHA256
  
  efee38133480e7ccaa11424d49bb3d8ebdb89ffb1d81a10f6c405337e7d3a737
- SHA512
  
  eab92e881f24d6fdcb061540c3ee96f4d4fa9e26a7ef1ea82743ebca3e64821f94467cc65a2c3e83ee4c9091cc4e714e938b9f583c3dc9f88938555322e04f10
- SSDEEP
  
  49152:qy540hQLZ04Zv0lP/x3CTa5i1UXMYKGQylk7lQkqfxcTSI9PVVb99JjGn:qy5406+4UP/xCTa+YKGQyWlQBZcTSIpm
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2