9d313d35bff618c041633e02019d6bf9c079868b450ee99e1b74c6cde238c2eb | Triage

Sharing

General

Target

9d313d35bff618c041633e02019d6bf9c079868b450ee99e1b74c6cde238c2eb
Size

62KB
Sample

221002-l2ymqsadb8
MD5

34d7a477d69b4c406c6539df7cd8f0d6
SHA1

7bef53fec89190c3a0c9c19d0ca564235819e672
SHA256

9d313d35bff618c041633e02019d6bf9c079868b450ee99e1b74c6cde238c2eb
SHA512

0709ca199c97d08179336f18466b2170d211f0ef4137fab93cf2b284e72a897e4b72285f4e8c2f6fddfea7488811999cfa98b5f15a2119f2453995708bd5b5aa
SSDEEP

768:krpeUKbGP2fSR1A+p2mbZ8veITg+zyRv077IaXriKBTnbcuyD7UQH:kMqR1AG2mbZ8GITDzy1a7iKBTnouy8QH

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  9d313d35bff618c041633e02019d6bf9c079868b450ee99e1b74c6cde238c2eb
- Size
  
  62KB
- MD5
  
  34d7a477d69b4c406c6539df7cd8f0d6
- SHA1
  
  7bef53fec89190c3a0c9c19d0ca564235819e672
- SHA256
  
  9d313d35bff618c041633e02019d6bf9c079868b450ee99e1b74c6cde238c2eb
- SHA512
  
  0709ca199c97d08179336f18466b2170d211f0ef4137fab93cf2b284e72a897e4b72285f4e8c2f6fddfea7488811999cfa98b5f15a2119f2453995708bd5b5aa
- SSDEEP
  
  768:krpeUKbGP2fSR1A+p2mbZ8veITg+zyRv077IaXriKBTnbcuyD7UQH:kMqR1AG2mbZ8GITDzy1a7iKBTnouy8QH
Score

8^/10

evasion persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence