5e87a55af16467f5db590da7b5660f2870dd6c2d7cbebec3ec58ec7a36514773 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

154453cfde08209fec51635ae6e19a3a.zip
Size

7.3MB
Sample

240906-25hcxssfng
MD5

709f8b9c2513b06e2e714ef11888c73b
SHA1

55800fbadf3fd749fdafa8f73f5351564bfaa347
SHA256

5e87a55af16467f5db590da7b5660f2870dd6c2d7cbebec3ec58ec7a36514773
SHA512

892e269eeb39cc69984fca2e1800cb293735c44e93aced72e735bbf0f008cbd1263c50d325806617c8fdccd07542f62e1cfa8120bf2027655936e14a45b6f12c
SSDEEP

196608:7eq/WPV2mmO7Tiw1rs2QwPQhBmHX2Dc6pzDNk:amWPVvNTiKjQ2mUHXg5i

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  afc82c2443e9d26629bdd8656b4f18514f3bcd16bbc0fbde750d519a874ae8dd
- Size
  
  7.9MB
- MD5
  
  154453cfde08209fec51635ae6e19a3a
- SHA1
  
  2d044f22cb7419bf932b14a784c3a5f7811a577e
- SHA256
  
  afc82c2443e9d26629bdd8656b4f18514f3bcd16bbc0fbde750d519a874ae8dd
- SHA512
  
  61da37729f5f9b67250f4a616444ee03f1a52e6b1ca3812d10c75805e6771e37e4f53daaf80c933288b78ca306956b058b8883f66e954faa116d842f5051b6f2
- SSDEEP
  
  196608:87azg7DSm7azg7DSm7azg7DSm7azg7DSN:zg7uFg7uFg7uFg7uN
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence