966964e08871f65799b6b269f682e6b5f23e7c273b7a5c52c7d1fbb27334a1d3 | Triage

Sharing

General

Target

966964e08871f65799b6b269f682e6b5f23e7c273b7a5c52c7d1fbb27334a1d3
Size

177KB
Sample

221002-p1181shaeq
MD5

708633e36ef96f8fa075f00859d9d860
SHA1

d1977f6930ff7326fc7b04b218a9d0000c481c4f
SHA256

966964e08871f65799b6b269f682e6b5f23e7c273b7a5c52c7d1fbb27334a1d3
SHA512

fb16b0f2393dd90668cfd3fbb7ee74d408799d0e2bb0777ae09426a3912874627f8ae2fd76f6ae36466b987c3d2aea8c027f9cd66c074682486a45068fc7c299
SSDEEP

3072:2dSK04ETBpp5NXyh4TBfRvjLTI5fbkOsBnBUgWU:2dSK04ETTZ+4TBpvjLCMBagWU

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  966964e08871f65799b6b269f682e6b5f23e7c273b7a5c52c7d1fbb27334a1d3
- Size
  
  177KB
- MD5
  
  708633e36ef96f8fa075f00859d9d860
- SHA1
  
  d1977f6930ff7326fc7b04b218a9d0000c481c4f
- SHA256
  
  966964e08871f65799b6b269f682e6b5f23e7c273b7a5c52c7d1fbb27334a1d3
- SHA512
  
  fb16b0f2393dd90668cfd3fbb7ee74d408799d0e2bb0777ae09426a3912874627f8ae2fd76f6ae36466b987c3d2aea8c027f9cd66c074682486a45068fc7c299
- SSDEEP
  
  3072:2dSK04ETBpp5NXyh4TBfRvjLTI5fbkOsBnBUgWU:2dSK04ETTZ+4TBpvjLCMBagWU
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence