070bd3dc96ed813b8b63ef21f9a002640cf28514ada9cd4b7e04c0c9b012e9cc | Triage

Sharing

General

Target

2024-09-06_b650646ee24d9b4f5a28e7d8f083f679_mafia_stonedrill
Size

387KB
Sample

240906-sr14fatgpb
MD5

b650646ee24d9b4f5a28e7d8f083f679
SHA1

d8aafd9bccc24516ea6cb4e36b103e5042dc4cec
SHA256

070bd3dc96ed813b8b63ef21f9a002640cf28514ada9cd4b7e04c0c9b012e9cc
SHA512

e0f53700e30aea58043d40e70f7571ba92e97b9f65cb4645587f9a6306edeb8e4c2099109c9f23fc6fecc7671bf3259ec8c200dfa701c0cd19a1d03f0bfbdad9
SSDEEP

12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sB204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sK

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  2024-09-06_b650646ee24d9b4f5a28e7d8f083f679_mafia_stonedrill
- Size
  
  387KB
- MD5
  
  b650646ee24d9b4f5a28e7d8f083f679
- SHA1
  
  d8aafd9bccc24516ea6cb4e36b103e5042dc4cec
- SHA256
  
  070bd3dc96ed813b8b63ef21f9a002640cf28514ada9cd4b7e04c0c9b012e9cc
- SHA512
  
  e0f53700e30aea58043d40e70f7571ba92e97b9f65cb4645587f9a6306edeb8e4c2099109c9f23fc6fecc7671bf3259ec8c200dfa701c0cd19a1d03f0bfbdad9
- SSDEEP
  
  12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sB204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sK
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence