60618fa16468527f771964a42bf6e45bf9a2f58b9a310c8178bbe76c80b3b326 | Triage

Sharing

General

Target

60618fa16468527f771964a42bf6e45bf9a2f58b9a310c8178bbe76c80b3b326.exe
Size

15.9MB
Sample

241121-k14a6a1fjk
MD5

ab81167c11500b0d3704f42747ee2078
SHA1

2194f126cec6191eddb516ce9f57650d8066c989
SHA256

60618fa16468527f771964a42bf6e45bf9a2f58b9a310c8178bbe76c80b3b326
SHA512

64ee36d9a7b8442763e1283272671a239e2f26945dae20ecc23675c205fad5ae9c5b1446292e962fe866b801f1a470ee8e815342074171621701f213cd7b70a9
SSDEEP

393216:vg7ulg7ulg7ulg7ulg7ulg7ulg7ulg7uf:4SOSOSOSOSOSOSOSf

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  60618fa16468527f771964a42bf6e45bf9a2f58b9a310c8178bbe76c80b3b326.exe
- Size
  
  15.9MB
- MD5
  
  ab81167c11500b0d3704f42747ee2078
- SHA1
  
  2194f126cec6191eddb516ce9f57650d8066c989
- SHA256
  
  60618fa16468527f771964a42bf6e45bf9a2f58b9a310c8178bbe76c80b3b326
- SHA512
  
  64ee36d9a7b8442763e1283272671a239e2f26945dae20ecc23675c205fad5ae9c5b1446292e962fe866b801f1a470ee8e815342074171621701f213cd7b70a9
- SSDEEP
  
  393216:vg7ulg7ulg7ulg7ulg7ulg7ulg7ulg7uf:4SOSOSOSOSOSOSOSf
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence