General

  • Target: stage2.exe

  • Size: 209KB

  • Sample: 220117-bk4gjsgffr

  • MD5: 14c8482f302b5e81e3fa1b18a509289d

  • SHA1: 16525cb2fd86dce842107eb1ba6174b23f188537

  • SHA256: dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

  • SHA512: fdaaac4ee73db90f69dc43a20f24d8f80a2f659288d28538c6fd1946b8861bb161b41ad3bcd65d16843cd21350e95c606f991a990110e100029b58abce978353

Score
10/10

Malware Config

Targets

    • Target: stage2.exe (size and hashes as listed under General above)

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

Tasks