61a9c1b8184892f10ad6ec49d4ae9553b488223395098e6c7d3042398bbd2022 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81a0278e38caf505afec0e2e05819b9d.zip
Size

7.3MB
Sample

240901-w8xn5aydkn
MD5

7e306c2eaed516e07c0f9f3130ece2b2
SHA1

bc509cf0769321fe64bfea006eefa7341347de6f
SHA256

61a9c1b8184892f10ad6ec49d4ae9553b488223395098e6c7d3042398bbd2022
SHA512

9e1d2f1045726642425f5a68e998a4811a9291beeb2060d2a52296c01be46bb2c4518474ab5b1bb608a0b8bf9d475650bb56b6538ce84687d4f4e6987594f26c
SSDEEP

196608:0ihMjAUa05Y+8TnAwCN398Do0cIKLFKO40ozE9hQO/RjbCR:/h9UaH+8TAwCNO00cIKLFKAYWhj5jbo

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  955b816b2760a6bded50f3b1dbaf68f6765a9f496212bb52ac949dd3d80e7b4d
- Size
  
  7.9MB
- MD5
  
  81a0278e38caf505afec0e2e05819b9d
- SHA1
  
  7e4e457f31d988b24e7c5e45e92c39a50af22ca4
- SHA256
  
  955b816b2760a6bded50f3b1dbaf68f6765a9f496212bb52ac949dd3d80e7b4d
- SHA512
  
  1a7d70b1bb43733f1bd52a61f9927cd7088341ab2c78e82550d5baa453897347ddd2431619f34a941dba1e4dcdf43a173902401382e357240562ab5472b899cd
- SSDEEP
  
  196608:8Tazg7DSmTazg7DSmTazg7DSmTazg7DSN:Dg7uhg7uhg7uhg7uN
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence