6dee81e04ac37e2ffa5d9bb0c22d782f010ebd72c249ccb4ad4bdaea24d36067 | Triage

Sharing

General

Target

5b1dabfd79624a6c314e84e9223f1382
Size

1.8MB
Sample

240306-k2y3tsgh28
MD5

5b1dabfd79624a6c314e84e9223f1382
SHA1

015a0f9f8340060ee49d1f824f82cd37981f6217
SHA256

6dee81e04ac37e2ffa5d9bb0c22d782f010ebd72c249ccb4ad4bdaea24d36067
SHA512

99e4efac827c6b79ea15846e683ba0580baef4c7bbf87813ff17956b0caf47631ee76d5e0522ed4be299f419993729a66e06391ec9b2eee26e4ba1e6d339ecdf
SSDEEP

49152:NAvv2Q9GenxPXe/h6iXlQsPtT+0T5ehipEJ94J:Nw1GeRyh1lxtS0Fpo94J

Score

10^/10

Malware Config

Targets

- Target
  
  5b1dabfd79624a6c314e84e9223f1382
- Size
  
  1.8MB
- MD5
  
  5b1dabfd79624a6c314e84e9223f1382
- SHA1
  
  015a0f9f8340060ee49d1f824f82cd37981f6217
- SHA256
  
  6dee81e04ac37e2ffa5d9bb0c22d782f010ebd72c249ccb4ad4bdaea24d36067
- SHA512
  
  99e4efac827c6b79ea15846e683ba0580baef4c7bbf87813ff17956b0caf47631ee76d5e0522ed4be299f419993729a66e06391ec9b2eee26e4ba1e6d339ecdf
- SSDEEP
  
  49152:NAvv2Q9GenxPXe/h6iXlQsPtT+0T5ehipEJ94J:Nw1GeRyh1lxtS0Fpo94J
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/Closing
- Size
  
  172KB
- MD5
  
  1d9bc84b0dde55ab1d8741d23aa57baf
- SHA1
  
  30e8bae07f6b631282b9aaeec5ac807a467b0c4a
- SHA256
  
  333bbe23c6f8faeaa0cda9ddcc92cc88bc8d5368d8519b1f9481454b4129dbfa
- SHA512
  
  11efcb1d9c48217e818c81225993502b8b036485405cf698dfe30aad10641c8c0d679c935a5a5666f90bbdbaa81d2af40a280eeb1cdffc1c01da9b85b867818f
- SSDEEP
  
  3072:vsVEU0SgcAApfFSvfWLhOa2rdf1wFX8ZpU80KS/n0zmPuE:mHggFOrrdNWsZK8X0n0SPuE
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Www
- Size
  
  263KB
- MD5
  
  ea37c821d1b156f038cfd3db724b9bcc
- SHA1
  
  91076b5e5ee8632bafc2056d469cae883ef80408
- SHA256
  
  4ff090b36e166df1c7ae0c62a03180bdd658238af5490de032390fd28df61a49
- SHA512
  
  c598833c8893faf093328afb69278562cc8eae76ef9f2af2269e8c773f0500f057e200a27332e33df2fc69a299fbcdaf85f7052040bbdcf7329a139b258287bc
- SSDEEP
  
  3072:NBDO9Pbg1t3GC6ibiBXjP88cpWyX4DhsKZ1nS7e6fA092axehSA:69Pbg1tCTUT8DhfnSJfA09Ne5
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8