ac2ec0c7c884115f6edb7315baabf16b473e36a8b660faba59286870af096ee3 | Triage

Sharing

General

Target

53e1c00592c60bdfdc8b78f15ec130c5.zip
Size

7.9MB
Sample

240901-r827dsthpe
MD5

0f2ab260a6365c581cd64c572f06059d
SHA1

ac8c1266ea34b07b88133d2ec775ff98a787a7c3
SHA256

ac2ec0c7c884115f6edb7315baabf16b473e36a8b660faba59286870af096ee3
SHA512

0827e9b48acff310678501e94bb924905ca545d71c419fe619f590c831b2c037e4646f04b9955838ec05d64de0dec7524182cef7780e6c64efdcccb05b927d78
SSDEEP

196608:OQxjuWS0bo/xBKNL4/tMHjVy4Kz1BWyFMpV4x2Z/h0r:Oc7mqNM/W0nCpY

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  17cf98c1e047fc99d1a71cfe05712e919880e57ec7ebf0aeeac6ae8f5f00147c
- Size
  
  8.9MB
- MD5
  
  53e1c00592c60bdfdc8b78f15ec130c5
- SHA1
  
  c79bf792effc40d72cfed8a7700ccbb1d1e65e3f
- SHA256
  
  17cf98c1e047fc99d1a71cfe05712e919880e57ec7ebf0aeeac6ae8f5f00147c
- SHA512
  
  4ee722241d6c575fb0dd9593be16cfaec658be41b2b62566fbcb41679ed587246834983f424e029dfd6513c52829f77ed4fe3578baf8ad44f53ddaf4b49fc732
- SSDEEP
  
  196608:8/azg7DSm/azg7DSmy/azg7DSm/azg7DSmB:/g7uRg7u0g7uRg7uO
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence