8e08a7b594ff9f05683355f4f772205eead36aaec859295d68d24f6f5931a3ed

Resubmissions

20/03/2024, 02:45

240320-c8tspafa56 8

20/03/2024, 02:32

240320-c1lr4sfd31 8

20/03/2024, 02:04

240320-chsspseg5s 8

Sharing

Copy URL

Twitter E-mail

General

Target

15999844262.zip
Size

75KB
Sample

240320-c1lr4sfd31
MD5

b9a89bc08bea9e6a3dfc6107042a054f
SHA1

552c774f222cae1df44673a9897cbf20c65a2613
SHA256

8e08a7b594ff9f05683355f4f772205eead36aaec859295d68d24f6f5931a3ed
SHA512

0b296fdd03292bd66447b7590cc51d3229350efcbb85464f4e3b1f89c6871447a0040f0e7101ad2ea7de385275f492fdb84dab45f719a636d1d9ee33d3875add
SSDEEP

1536:xKZwzCRaRqwaJ/5ZXBVBv6p95FVW2Wp6VkcYvZjCEnVUx4R8TzA:4ZYeaZaHmbXcp6VyZnS4AA

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  98ac0a744497cf22f08ae5e2e49eba547253f7824b2a76ecfd7cf786dd1b34ce
- Size
  
  157KB
- MD5
  
  23a71377b58f082202b467da8c693dc0
- SHA1
  
  083cdeb1f92b0073e9db107b39b439239cfebff2
- SHA256
  
  98ac0a744497cf22f08ae5e2e49eba547253f7824b2a76ecfd7cf786dd1b34ce
- SHA512
  
  1e3ba4a2837c503a05bdfaa74da61d56e60a60e19ca023f90b90eb02a19d01ba8593e0b6329ad92d15f3a8cb4bc173927a64f9bef3d7ee92f3cc6708b157d26c
- SSDEEP
  
  3072:OaV5NSZh/awGqU42RvG+q4xgc3RR+vsZbqXRF1kEcVwJbknkxvQqTSTw8aP:XNSn/s42Rvrq4xgc3RR+vYbqXRFtcVw1
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Checks computer location settings

Adds Run key to start application

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2