b29f90f12aa5761fc8b5029d5a636a7453db6f8593172177ba372391fc0a6739 | Triage

Sharing

General

Target

51e2a96606f54fce4b0497c2da7ef5f3.zip
Size

7.9MB
Sample

240903-wvqzesthkb
MD5

9125cea729208747b39cebd424ab98d7
SHA1

cdb92552872473d6cda2df627606ebc53a83d3f3
SHA256

b29f90f12aa5761fc8b5029d5a636a7453db6f8593172177ba372391fc0a6739
SHA512

d71bbebd028c6cb3b9939b1f7065b3f20ce9341cafeff61a389d18449dc9cb8d4eb064e8fab4d0f10084b00de28d3d48d5a51976e85f510d83dde93b5215105b
SSDEEP

196608:SVDq1U3SxKWrjOLrfyVIqBSLnT+6zNjcYM3Hp7:SU11x5raf20TL+YIHp7

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  5db171fd2c0ebc118010b00564de3971c1495b1b66cdbfb62ac9b69fc8841a06
- Size
  
  8.9MB
- MD5
  
  51e2a96606f54fce4b0497c2da7ef5f3
- SHA1
  
  c66e9a47af430b1fe0b719673ba61f3fcea82fc3
- SHA256
  
  5db171fd2c0ebc118010b00564de3971c1495b1b66cdbfb62ac9b69fc8841a06
- SHA512
  
  64a682a8f683dd1a5e458680f1f22b3d552d7e30d1cf6ca65e864257ca78810b20e458191bb19a5cb3ed3fceb1ee5180cff526f7a0e7e8e7bb7a6f5b91e38611
- SSDEEP
  
  196608:8cazg7DSmcazg7DSmrcazg7DSmcazg7DSmu:yg7uwg7ukg7uwg7uh
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence