7a87adb381b7e312636e71d63c412c807536e6bc12309101f139d83e9934c389 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-09_56ae159db30d3c9e1e05fa5c890df4a3_mafia_stonedrill
Size

387KB
Sample

240309-gdeshadc53
MD5

56ae159db30d3c9e1e05fa5c890df4a3
SHA1

582c101e2c2eadcbdc49172d13adbca707aa02c4
SHA256

7a87adb381b7e312636e71d63c412c807536e6bc12309101f139d83e9934c389
SHA512

5cef420aab2bdc9e9d612d92b964bd9273449c18521952cc9f5c2f0c80b547adff4b791bf6f09459b685e71181dc5e88cbb598ad13e119ce85f3df654eda4620
SSDEEP

12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sY204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sp

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2024-03-09_56ae159db30d3c9e1e05fa5c890df4a3_mafia_stonedrill
- Size
  
  387KB
- MD5
  
  56ae159db30d3c9e1e05fa5c890df4a3
- SHA1
  
  582c101e2c2eadcbdc49172d13adbca707aa02c4
- SHA256
  
  7a87adb381b7e312636e71d63c412c807536e6bc12309101f139d83e9934c389
- SHA512
  
  5cef420aab2bdc9e9d612d92b964bd9273449c18521952cc9f5c2f0c80b547adff4b791bf6f09459b685e71181dc5e88cbb598ad13e119ce85f3df654eda4620
- SSDEEP
  
  12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sY204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sp
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2