f1afdabadabfa8a959435d4e79e3990b82b58474844474eae9151251101ab525 | Triage

Sharing

General

Target

download.dat
Size

430KB
Sample

220906-r8l56sbham
MD5

179dd039b8dab994f76fbcff7097fd14
SHA1

6abce14c18dead770e8e2d52b3120ec79abc2051
SHA256

f1afdabadabfa8a959435d4e79e3990b82b58474844474eae9151251101ab525
SHA512

f3611f1fe05bafc5703903b36fe55a321014df55af619ac61ac7fadaf2dd66c2006ac08bedce0440fb03fa77a6e68338d8092fc29208fdab9327905e1274ca86
SSDEEP

12288:/pphUHNwjG0P28Z1pNSZ3+ktXjz5WdCB5GpX:RphsfInp8l+ktXn5WgB5GJ

Score

8^/10

discovery evasion exploit persistence

Malware Config

Targets

- Target
  
  download.dat
- Size
  
  430KB
- MD5
  
  179dd039b8dab994f76fbcff7097fd14
- SHA1
  
  6abce14c18dead770e8e2d52b3120ec79abc2051
- SHA256
  
  f1afdabadabfa8a959435d4e79e3990b82b58474844474eae9151251101ab525
- SHA512
  
  f3611f1fe05bafc5703903b36fe55a321014df55af619ac61ac7fadaf2dd66c2006ac08bedce0440fb03fa77a6e68338d8092fc29208fdab9327905e1274ca86
- SSDEEP
  
  12288:/pphUHNwjG0P28Z1pNSZ3+ktXjz5WdCB5GpX:RphsfInp8l+ktXn5WgB5GJ
Score

8^/10

discovery exploit persistence evasion
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistence

behavioral2

discoveryevasionexploitpersistence