25e66d559c1572bcfcf520f69a175b9900d8743c07a3367210679a78d9a5691f | Triage

Sharing

General

Target

25e66d559c1572bcfcf520f69a175b9900d8743c07a3367210679a78d9a5691f.exe
Size

7.9MB
Sample

241121-ln231azhmg
MD5

ca2e6d6cdb1fb9b421040b191b8e8f83
SHA1

6ada884eb1998496eac96727d39406008e527b60
SHA256

25e66d559c1572bcfcf520f69a175b9900d8743c07a3367210679a78d9a5691f
SHA512

f6a68b9537c953e7e95852d7325cc26ceea2d90e62916e69e26539105a15d6e9803a5c6dced698b8904bbc3f5552bee2c7d352e131d0865738f41fc1c6706bfc
SSDEEP

196608:0Fazg7DS8Fazg7DS8Fazg7DS8Fazg7DSn:lg7u9g7u9g7u9g7un

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  25e66d559c1572bcfcf520f69a175b9900d8743c07a3367210679a78d9a5691f.exe
- Size
  
  7.9MB
- MD5
  
  ca2e6d6cdb1fb9b421040b191b8e8f83
- SHA1
  
  6ada884eb1998496eac96727d39406008e527b60
- SHA256
  
  25e66d559c1572bcfcf520f69a175b9900d8743c07a3367210679a78d9a5691f
- SHA512
  
  f6a68b9537c953e7e95852d7325cc26ceea2d90e62916e69e26539105a15d6e9803a5c6dced698b8904bbc3f5552bee2c7d352e131d0865738f41fc1c6706bfc
- SSDEEP
  
  196608:0Fazg7DS8Fazg7DS8Fazg7DS8Fazg7DSn:lg7u9g7u9g7u9g7un
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence