dea738352078765aeb429eb92b642d976bb065436b85114daeac1c8c78467048 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dea738352078765aeb429eb92b642d976bb065436b85114daeac1c8c78467048
Size

97KB
Sample

221002-r5hnksbbe8
MD5

65b4d3c3c382bd271b3cb35b12c16430
SHA1

bdeda4572f195ec6a6aa0df575b3b79133d99bb2
SHA256

dea738352078765aeb429eb92b642d976bb065436b85114daeac1c8c78467048
SHA512

58dc98f1c4a0fb0f9321e772d3f1cfe338957c75054a6a1ac9b4b6f99ce8a8db63609dd427c2f5ad868b3959b444db7702233c68f2a13981189b19f2be78b77a
SSDEEP

1536:V2iaAU2IyeEZVf0WHEMhgePZ81k9tKmW3dAFo1lyqB1FkeBayDhRCce:Vq2rf0WFgePZLAwFo1EqB1F

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  dea738352078765aeb429eb92b642d976bb065436b85114daeac1c8c78467048
- Size
  
  97KB
- MD5
  
  65b4d3c3c382bd271b3cb35b12c16430
- SHA1
  
  bdeda4572f195ec6a6aa0df575b3b79133d99bb2
- SHA256
  
  dea738352078765aeb429eb92b642d976bb065436b85114daeac1c8c78467048
- SHA512
  
  58dc98f1c4a0fb0f9321e772d3f1cfe338957c75054a6a1ac9b4b6f99ce8a8db63609dd427c2f5ad868b3959b444db7702233c68f2a13981189b19f2be78b77a
- SSDEEP
  
  1536:V2iaAU2IyeEZVf0WHEMhgePZ81k9tKmW3dAFo1lyqB1FkeBayDhRCce:Vq2rf0WFgePZLAwFo1EqB1F
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence