463f016919ee82b57b568e1aae880d87b0e85a650913426d48244ea95052d5f0 | Triage

Sharing

General

Target

463f016919ee82b57b568e1aae880d87b0e85a650913426d48244ea95052d5f0.exe
Size

15.9MB
Sample

241121-mwhj1a1cjd
MD5

75a3ddbc8689e1567bc8f8f90ff9d23e
SHA1

1a9111aa4df7216b881b9814735ff12ab44d393e
SHA256

463f016919ee82b57b568e1aae880d87b0e85a650913426d48244ea95052d5f0
SHA512

570deb0646c54268ca1ca7e96daad48be6e08146f72cf29cbd10363961c95636e4c92870dfc3ef553132a89d6a0a69873896716c259bb26171710effee32f92a
SSDEEP

393216:Sg7u6g7u6g7u6g7u6g7u6g7u6g7u6g7uH:vSHSHSHSHSHSHSHSH

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  463f016919ee82b57b568e1aae880d87b0e85a650913426d48244ea95052d5f0.exe
- Size
  
  15.9MB
- MD5
  
  75a3ddbc8689e1567bc8f8f90ff9d23e
- SHA1
  
  1a9111aa4df7216b881b9814735ff12ab44d393e
- SHA256
  
  463f016919ee82b57b568e1aae880d87b0e85a650913426d48244ea95052d5f0
- SHA512
  
  570deb0646c54268ca1ca7e96daad48be6e08146f72cf29cbd10363961c95636e4c92870dfc3ef553132a89d6a0a69873896716c259bb26171710effee32f92a
- SSDEEP
  
  393216:Sg7u6g7u6g7u6g7u6g7u6g7u6g7u6g7uH:vSHSHSHSHSHSHSHSH
Score

7^/10

discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence