5c03e76b6f6a6bb062a20220f452378c7489aac7767d6a96552f60cc612f9990 | Triage

Sharing

General

Target

5c03e76b6f6a6bb062a20220f452378c7489aac7767d6a96552f60cc612f9990.exe
Size

15.9MB
Sample

241121-gqechatncm
MD5

1fa91fba0b399955964ab3d74687ca3e
SHA1

374371a1d3e5ce58b8528de76b19b27b139b0380
SHA256

5c03e76b6f6a6bb062a20220f452378c7489aac7767d6a96552f60cc612f9990
SHA512

0b65c17587816aa23089a355011d491767e853a5ee627955755a46476a553e634d8305b43bbe0dfda2f1d28da55e9adbd5e480385c14fef55ba2ddd15becd120
SSDEEP

393216:Qg7u+g7u+g7u+g7u+g7u+g7u+g7u+g7uH:dSTSTSTSTSTSTSTSH

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  5c03e76b6f6a6bb062a20220f452378c7489aac7767d6a96552f60cc612f9990.exe
- Size
  
  15.9MB
- MD5
  
  1fa91fba0b399955964ab3d74687ca3e
- SHA1
  
  374371a1d3e5ce58b8528de76b19b27b139b0380
- SHA256
  
  5c03e76b6f6a6bb062a20220f452378c7489aac7767d6a96552f60cc612f9990
- SHA512
  
  0b65c17587816aa23089a355011d491767e853a5ee627955755a46476a553e634d8305b43bbe0dfda2f1d28da55e9adbd5e480385c14fef55ba2ddd15becd120
- SSDEEP
  
  393216:Qg7u+g7u+g7u+g7u+g7u+g7u+g7u+g7uH:dSTSTSTSTSTSTSTSH
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence