0c240bbd2732102296862088a459c4854bea6e8bdfac19a4a9da47b0d6f25900 | Triage

Sharing

General

Target

0c240bbd2732102296862088a459c4854bea6e8bdfac19a4a9da47b0d6f25900.exe
Size

3.1MB
Sample

240914-t384vsthlc
MD5

ef9ca8c2e7af86d9c440d78027bbc2ae
SHA1

3bc2144e3cc300542eab8c4b98691027611919c0
SHA256

0c240bbd2732102296862088a459c4854bea6e8bdfac19a4a9da47b0d6f25900
SHA512

6580bf439b4eabc12a7d19ec71713cd4a7d60558a92cd28dbe8d952ed9c21da691c334cb026dd37ef3628ec67f56d2406541c760a7d9d84012123c2298adee7d
SSDEEP

98304:UObppUKlSjRvw+QlFZA6eyElAijr7K93GqyKPxkDNZ:SJFv8zZA6ferO9dyqSN

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  0c240bbd2732102296862088a459c4854bea6e8bdfac19a4a9da47b0d6f25900.exe
- Size
  
  3.1MB
- MD5
  
  ef9ca8c2e7af86d9c440d78027bbc2ae
- SHA1
  
  3bc2144e3cc300542eab8c4b98691027611919c0
- SHA256
  
  0c240bbd2732102296862088a459c4854bea6e8bdfac19a4a9da47b0d6f25900
- SHA512
  
  6580bf439b4eabc12a7d19ec71713cd4a7d60558a92cd28dbe8d952ed9c21da691c334cb026dd37ef3628ec67f56d2406541c760a7d9d84012123c2298adee7d
- SSDEEP
  
  98304:UObppUKlSjRvw+QlFZA6eyElAijr7K93GqyKPxkDNZ:SJFv8zZA6ferO9dyqSN
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence