46a851ae68e39c0418126f16e30ff40e5a39375ef0acec8c9730287dfed440cf | Triage

Sharing

General

Target

46a851ae68e39c0418126f16e30ff40e5a39375ef0acec8c9730287dfed440cf
Size

66KB
Sample

220919-1g5ymsadg4
MD5

212ed115e3880dd24329894e9829547b
SHA1

4292ff2b2ca05e4ede32d7bf0c8e2497767a75f1
SHA256

46a851ae68e39c0418126f16e30ff40e5a39375ef0acec8c9730287dfed440cf
SHA512

9eb27989a2ff53a756cfde2b39e18c14a49837867e6a5bf89bb0ac8822908c9501de49b8a04a334c4a9e35f9a5bba9567d316821782d37edae9f9a54bcf61104
SSDEEP

1536:HsrTImGCxTil5vaKtfUHl1jeeeeeeMeeeeeeWLU:HsnT9R

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  46a851ae68e39c0418126f16e30ff40e5a39375ef0acec8c9730287dfed440cf
- Size
  
  66KB
- MD5
  
  212ed115e3880dd24329894e9829547b
- SHA1
  
  4292ff2b2ca05e4ede32d7bf0c8e2497767a75f1
- SHA256
  
  46a851ae68e39c0418126f16e30ff40e5a39375ef0acec8c9730287dfed440cf
- SHA512
  
  9eb27989a2ff53a756cfde2b39e18c14a49837867e6a5bf89bb0ac8822908c9501de49b8a04a334c4a9e35f9a5bba9567d316821782d37edae9f9a54bcf61104
- SSDEEP
  
  1536:HsrTImGCxTil5vaKtfUHl1jeeeeeeMeeeeeeWLU:HsnT9R
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence