c0d7fedabf01b26e4b751e7a19da6e2b949117586b822ea26b6463bd815bdae3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34fe4e04c2463f0a8cfcb0788cf2e8ef
Size

169KB
Sample

240409-x3scwsfd58
MD5

34fe4e04c2463f0a8cfcb0788cf2e8ef
SHA1

407fdfef79b55b52f4e53e6bbd4438853b5c487e
SHA256

c0d7fedabf01b26e4b751e7a19da6e2b949117586b822ea26b6463bd815bdae3
SHA512

3061e717edef2fadd164d188f902ca1c66c14036c98cd9c5319d2e58eef94b7eb073a5a4d46fe7183f5c2e3f33fd078a19887b48bd6e76a3cd8b49578c4d54ae
SSDEEP

3072:H14mOxrKFNZYhrgtRFuV2DDbuiTf3hPsOraS87FYqjTZbn4TGh:HnYWYhrgtRo6DSiTf3hPswa1TZjxh

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  34fe4e04c2463f0a8cfcb0788cf2e8ef
- Size
  
  169KB
- MD5
  
  34fe4e04c2463f0a8cfcb0788cf2e8ef
- SHA1
  
  407fdfef79b55b52f4e53e6bbd4438853b5c487e
- SHA256
  
  c0d7fedabf01b26e4b751e7a19da6e2b949117586b822ea26b6463bd815bdae3
- SHA512
  
  3061e717edef2fadd164d188f902ca1c66c14036c98cd9c5319d2e58eef94b7eb073a5a4d46fe7183f5c2e3f33fd078a19887b48bd6e76a3cd8b49578c4d54ae
- SSDEEP
  
  3072:H14mOxrKFNZYhrgtRFuV2DDbuiTf3hPsOraS87FYqjTZbn4TGh:HnYWYhrgtRo6DSiTf3hPswa1TZjxh
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2