e247dc96ef358a7a8b91d7224d8c9af845acf1410e694cefdd4f977a0845cc9f | Triage

Sharing

General

Target

e247dc96ef358a7a8b91d7224d8c9af845acf1410e694cefdd4f977a0845cc9f
Size

595KB
Sample

221002-2pa9nsdhd5
MD5

6ba89295d9ec47899d50ef552b4b8353
SHA1

6df0ab0529c83b6fd8ccb4eb4b43c8105b1c788a
SHA256

e247dc96ef358a7a8b91d7224d8c9af845acf1410e694cefdd4f977a0845cc9f
SHA512

1ba9b4114eef68df7d4a77f9f02dc484e953b1bffd29181a4685fce8b37358ab34b9b2d0531ee8fd3573301a1ad98e0bb0445ea377f4e25be9fa6342b4246193
SSDEEP

12288:e5frSJnIvvIvKBw83Ai4k4PHrpNkj3QmwS:e9InWIKBw83kPE3Q

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e247dc96ef358a7a8b91d7224d8c9af845acf1410e694cefdd4f977a0845cc9f
- Size
  
  595KB
- MD5
  
  6ba89295d9ec47899d50ef552b4b8353
- SHA1
  
  6df0ab0529c83b6fd8ccb4eb4b43c8105b1c788a
- SHA256
  
  e247dc96ef358a7a8b91d7224d8c9af845acf1410e694cefdd4f977a0845cc9f
- SHA512
  
  1ba9b4114eef68df7d4a77f9f02dc484e953b1bffd29181a4685fce8b37358ab34b9b2d0531ee8fd3573301a1ad98e0bb0445ea377f4e25be9fa6342b4246193
- SSDEEP
  
  12288:e5frSJnIvvIvKBw83Ai4k4PHrpNkj3QmwS:e9InWIKBw83kPE3Q
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence