121049f641b104f6810e31f95b57b99b8b5a36c4e2319c301fda90d607b61bba | Triage

Sharing

General

Target

121049f641b104f6810e31f95b57b99b8b5a36c4e2319c301fda90d607b61bba
Size

32KB
Sample

220520-3p99faccam
MD5

f096b17e48dccdbe2bcbbabf2b3d2abc
SHA1

d47cfbf823d5875dd608f287d8fd2dd7a4b50ff1
SHA256

121049f641b104f6810e31f95b57b99b8b5a36c4e2319c301fda90d607b61bba
SHA512

ab19ad16865de33b6fab2fe05b1156ccef70929d6dd0128309c3ef5f8cd732aaca2a2f4463d1fc50d212cfdbf80a99e88e5215c2b6455e844239b508c3aa2762

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  121049f641b104f6810e31f95b57b99b8b5a36c4e2319c301fda90d607b61bba
- Size
  
  32KB
- MD5
  
  f096b17e48dccdbe2bcbbabf2b3d2abc
- SHA1
  
  d47cfbf823d5875dd608f287d8fd2dd7a4b50ff1
- SHA256
  
  121049f641b104f6810e31f95b57b99b8b5a36c4e2319c301fda90d607b61bba
- SHA512
  
  ab19ad16865de33b6fab2fe05b1156ccef70929d6dd0128309c3ef5f8cd732aaca2a2f4463d1fc50d212cfdbf80a99e88e5215c2b6455e844239b508c3aa2762
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence