ec7ba96c616bf01e30cc54436e14d83787dd6aa8d0f5435eb6b64d25d0a361f0 | Triage

Sharing

General

Target

ec7ba96c616bf01e30cc54436e14d83787dd6aa8d0f5435eb6b64d25d0a361f0
Size

408KB
Sample

240711-jql4fswgmj
MD5

f5766a3eef3e23b8f66aa4ed0445d662
SHA1

5129349d19dcd3174dbb2c3a6eb3154339238b28
SHA256

ec7ba96c616bf01e30cc54436e14d83787dd6aa8d0f5435eb6b64d25d0a361f0
SHA512

3b11045dc4410bb9da26395ba5202191242fde99742353c528aee921fb5abddf2b6df573d68a21740dd1690370e5f5e5b5decddade43d4d8fef62644ee9d22bb
SSDEEP

6144:kck18MipfIUaQYu8tbS6JBcj0U5hjX/Tvf8MjKFW8jb/HVbdsifRe9+fHrGJH:kX8Djadu8J4YSjX/THKxr1bBGsHrGJH

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  ec7ba96c616bf01e30cc54436e14d83787dd6aa8d0f5435eb6b64d25d0a361f0
- Size
  
  408KB
- MD5
  
  f5766a3eef3e23b8f66aa4ed0445d662
- SHA1
  
  5129349d19dcd3174dbb2c3a6eb3154339238b28
- SHA256
  
  ec7ba96c616bf01e30cc54436e14d83787dd6aa8d0f5435eb6b64d25d0a361f0
- SHA512
  
  3b11045dc4410bb9da26395ba5202191242fde99742353c528aee921fb5abddf2b6df573d68a21740dd1690370e5f5e5b5decddade43d4d8fef62644ee9d22bb
- SSDEEP
  
  6144:kck18MipfIUaQYu8tbS6JBcj0U5hjX/Tvf8MjKFW8jb/HVbdsifRe9+fHrGJH:kX8Djadu8J4YSjX/THKxr1bBGsHrGJH
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2