30e4b39310182374314113ffd59153eaee3378b091790ca15e4e1df0fa278621 | Triage

Sharing

General

Target

30e4b39310182374314113ffd59153eaee3378b091790ca15e4e1df0fa278621
Size

44KB
Sample

220919-vb3y7shcb8
MD5

54ee976b1768e9e332394e7de631feaa
SHA1

633fb759cdba5c4679b3c1fd27b211c46353f303
SHA256

30e4b39310182374314113ffd59153eaee3378b091790ca15e4e1df0fa278621
SHA512

ce971b6544540dbfc69b23b359e8dbf8b260f9c0d10010426abf5d58aa09d3fc57ff62bd9eeb854a1e75828ce0f1f3bcd14e9958ef5eb917b05d10427297f1ea
SSDEEP

768:JiSrB8yBUvsISCKzvKbax5nW26N581Y6HujHWUqvtq1QzwF125gNpCsWvEnadYIs:tZ5jpNuoWjwgMvEnaKIT

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  30e4b39310182374314113ffd59153eaee3378b091790ca15e4e1df0fa278621
- Size
  
  44KB
- MD5
  
  54ee976b1768e9e332394e7de631feaa
- SHA1
  
  633fb759cdba5c4679b3c1fd27b211c46353f303
- SHA256
  
  30e4b39310182374314113ffd59153eaee3378b091790ca15e4e1df0fa278621
- SHA512
  
  ce971b6544540dbfc69b23b359e8dbf8b260f9c0d10010426abf5d58aa09d3fc57ff62bd9eeb854a1e75828ce0f1f3bcd14e9958ef5eb917b05d10427297f1ea
- SSDEEP
  
  768:JiSrB8yBUvsISCKzvKbax5nW26N581Y6HujHWUqvtq1QzwF125gNpCsWvEnadYIs:tZ5jpNuoWjwgMvEnaKIT
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence