6f9fcdf305954ce3df1e87806efd915d469df15cfb38a843d6550ddc819189dc | Triage

Sharing

General

Target

6f9fcdf305954ce3df1e87806efd915d469df15cfb38a843d6550ddc819189dc.exe
Size

936KB
Sample

241121-m6a8nswlbm
MD5

00f1134ac30c0f5fc7394d3c5115430f
SHA1

01d262ab5e765a4c80c8b015055c91fc2ce944a3
SHA256

6f9fcdf305954ce3df1e87806efd915d469df15cfb38a843d6550ddc819189dc
SHA512

3b88134012fefafb992a239381226698832d5290623879c94797c97d7891ad8c1936238ac268a38f5dadff5e0bd6b936b312c57c7891316fa242850a878f77b7
SSDEEP

12288:pCoVUa6kt9k13IJmTQil+zNAfZb2hkMd4UyDebmmYfTJSgnqivM4+a3K8Q/K1P6Q:MU19kRImAzWb2hk+yWmmWdnqi5GW+pn4

Score

7^/10

execution

Malware Config

Targets

- Target
  
  6f9fcdf305954ce3df1e87806efd915d469df15cfb38a843d6550ddc819189dc.exe
- Size
  
  936KB
- MD5
  
  00f1134ac30c0f5fc7394d3c5115430f
- SHA1
  
  01d262ab5e765a4c80c8b015055c91fc2ce944a3
- SHA256
  
  6f9fcdf305954ce3df1e87806efd915d469df15cfb38a843d6550ddc819189dc
- SHA512
  
  3b88134012fefafb992a239381226698832d5290623879c94797c97d7891ad8c1936238ac268a38f5dadff5e0bd6b936b312c57c7891316fa242850a878f77b7
- SSDEEP
  
  12288:pCoVUa6kt9k13IJmTQil+zNAfZb2hkMd4UyDebmmYfTJSgnqivM4+a3K8Q/K1P6Q:MU19kRImAzWb2hk+yWmmWdnqi5GW+pn4
Score

7^/10

execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2