bfb37aa9dc260c37ae67eddd6a9b00cd281b93543027fa4a8efb6f1d366ec975 | Triage

Sharing

General

Target

bfb37aa9dc260c37ae67eddd6a9b00cd281b93543027fa4a8efb6f1d366ec975
Size

43KB
Sample

221002-2n53nadhc8
MD5

6c6933be90e03518c08380a58c015924
SHA1

34b0a0eea1cb5501bd9ca836a1206eee827bf7cf
SHA256

bfb37aa9dc260c37ae67eddd6a9b00cd281b93543027fa4a8efb6f1d366ec975
SHA512

bd8dbfa5d07749cc141ac1ae6cb9571051359c0cd63b2e6091d1f38952084b2f169c4cc3c05c83ff8306ff21d18612b7d17b2dcabf3f436d6f6a59c5e37aa017
SSDEEP

768:JowFb8OPu19SIo6zcrq92T62cf5s1q6HCjH+Gqvt21mls514B4yiNvMelv0HCCjm:h+2rNTqqivk4yiHl8HCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  bfb37aa9dc260c37ae67eddd6a9b00cd281b93543027fa4a8efb6f1d366ec975
- Size
  
  43KB
- MD5
  
  6c6933be90e03518c08380a58c015924
- SHA1
  
  34b0a0eea1cb5501bd9ca836a1206eee827bf7cf
- SHA256
  
  bfb37aa9dc260c37ae67eddd6a9b00cd281b93543027fa4a8efb6f1d366ec975
- SHA512
  
  bd8dbfa5d07749cc141ac1ae6cb9571051359c0cd63b2e6091d1f38952084b2f169c4cc3c05c83ff8306ff21d18612b7d17b2dcabf3f436d6f6a59c5e37aa017
- SSDEEP
  
  768:JowFb8OPu19SIo6zcrq92T62cf5s1q6HCjH+Gqvt21mls514B4yiNvMelv0HCCjm:h+2rNTqqivk4yiHl8HCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence