28fe5f2219434d52cefb8ea3e3fdce090a01ef9ea9ed0d5bfadea550e60dc45b | Triage

Sharing

General

Target

28fe5f2219434d52cefb8ea3e3fdce090a01ef9ea9ed0d5bfadea550e60dc45b.exe
Size

15.9MB
Sample

241121-kp361szrcz
MD5

ba0074d540a39cefe328281f020ce3f3
SHA1

efcfe6494fcd2a0b27e0e7a73fdbbb424443d0f4
SHA256

28fe5f2219434d52cefb8ea3e3fdce090a01ef9ea9ed0d5bfadea550e60dc45b
SHA512

9897b6e5380912ce75c7ee65d7ffe8fb7492f30e48949109293695ef4da2ce98f7ebaea5eeb4d0a13816fa4488cb80e01887a6defe83765be27262474d5bf9c2
SSDEEP

393216:Mg7uug7uug7uug7uug7uug7uug7uug7uP:xSjSjSjSjSjSjSjSP

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  28fe5f2219434d52cefb8ea3e3fdce090a01ef9ea9ed0d5bfadea550e60dc45b.exe
- Size
  
  15.9MB
- MD5
  
  ba0074d540a39cefe328281f020ce3f3
- SHA1
  
  efcfe6494fcd2a0b27e0e7a73fdbbb424443d0f4
- SHA256
  
  28fe5f2219434d52cefb8ea3e3fdce090a01ef9ea9ed0d5bfadea550e60dc45b
- SHA512
  
  9897b6e5380912ce75c7ee65d7ffe8fb7492f30e48949109293695ef4da2ce98f7ebaea5eeb4d0a13816fa4488cb80e01887a6defe83765be27262474d5bf9c2
- SSDEEP
  
  393216:Mg7uug7uug7uug7uug7uug7uug7uug7uP:xSjSjSjSjSjSjSjSP
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence