5f89ee84b341acfe8bb865d0427a63496bade38e3911f587c100aed755265308 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f89ee84b341acfe8bb865d0427a63496bade38e3911f587c100aed755265308
Size

141KB
Sample

220918-2bwcpagdek
MD5

3c6efdaeba6f4002e2b69a4bc894f2e7
SHA1

0bc379629a4b498d41779f9b45945efe815458fe
SHA256

5f89ee84b341acfe8bb865d0427a63496bade38e3911f587c100aed755265308
SHA512

203de61022658f595971954d604ae0627cb498af5113b516efa94d7544da3790c7078279f0b8870b7eedc92021cddb3fefcb5baf7015a98d49d63678de31d15f
SSDEEP

3072:70+R+u0XPqD+Z8lG4t2y/kL7OLi6/tsgbyDV1BWisMcrF2FE1CvaOh0Xq:70UZ0/J8lG4HkLKGEex1BefrF2rSO1

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  5f89ee84b341acfe8bb865d0427a63496bade38e3911f587c100aed755265308
- Size
  
  141KB
- MD5
  
  3c6efdaeba6f4002e2b69a4bc894f2e7
- SHA1
  
  0bc379629a4b498d41779f9b45945efe815458fe
- SHA256
  
  5f89ee84b341acfe8bb865d0427a63496bade38e3911f587c100aed755265308
- SHA512
  
  203de61022658f595971954d604ae0627cb498af5113b516efa94d7544da3790c7078279f0b8870b7eedc92021cddb3fefcb5baf7015a98d49d63678de31d15f
- SSDEEP
  
  3072:70+R+u0XPqD+Z8lG4t2y/kL7OLi6/tsgbyDV1BWisMcrF2FE1CvaOh0Xq:70UZ0/J8lG4HkLKGEex1BefrF2rSO1
Score

8^/10

evasion persistence
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

evasionpersistence