db1f9839eadfd7dc8c75c497af90215be8559501b4122a17218c59429833154c | Triage

Sharing

General

Target

db1f9839eadfd7dc8c75c497af90215be8559501b4122a17218c59429833154c.exe
Size

979KB
Sample

240920-mbjlka1gpj
MD5

6b4a9d470362ac3b9a2f55309708c3f8
SHA1

7708b90b913ef8f84b22d846b0a15394370d50aa
SHA256

db1f9839eadfd7dc8c75c497af90215be8559501b4122a17218c59429833154c
SHA512

6f05e5f3bef95ffaa618f4821feb56d4457f466b873bdecf890b1b1f526dab238f8d10a1ebbeacf3cee97269ae0eddc841a90b40b0bf2a5db81790b3262b2194
SSDEEP

24576:/9E2P8JNhRp8Sjfi0DFysgc6srOkooa+rCQsoYkhhqMsKxpwitX5KyfN:/HGhbLjvDFysgcPrvXa+rCVLk7q/Kx5f

Score

10^/10

discovery

Malware Config

Targets

- Target
  
  db1f9839eadfd7dc8c75c497af90215be8559501b4122a17218c59429833154c.exe
- Size
  
  979KB
- MD5
  
  6b4a9d470362ac3b9a2f55309708c3f8
- SHA1
  
  7708b90b913ef8f84b22d846b0a15394370d50aa
- SHA256
  
  db1f9839eadfd7dc8c75c497af90215be8559501b4122a17218c59429833154c
- SHA512
  
  6f05e5f3bef95ffaa618f4821feb56d4457f466b873bdecf890b1b1f526dab238f8d10a1ebbeacf3cee97269ae0eddc841a90b40b0bf2a5db81790b3262b2194
- SSDEEP
  
  24576:/9E2P8JNhRp8Sjfi0DFysgc6srOkooa+rCQsoYkhhqMsKxpwitX5KyfN:/HGhbLjvDFysgcPrvXa+rCVLk7q/Kx5f
Score

10^/10

discovery
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2