8a32c609eb73ea7a075294380d73f2caae13d2a95a361ae26d90adcb08897a7d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a32c609eb73ea7a075294380d73f2caae13d2a95a361ae26d90adcb08897a7d
Size

176KB
Sample

221003-2vn3qabagk
MD5

49a91e51ab076c2ca7421e8e84d1b75c
SHA1

348915d8139112afd427ea90a1b2867a0b38d623
SHA256

8a32c609eb73ea7a075294380d73f2caae13d2a95a361ae26d90adcb08897a7d
SHA512

4b7a117f058c75f2807c8bf61f1636064f93a30ce0046c2726b6157c2aa5f373e9291b6b174a36fc381357737b292f80fa2a8e51f4ba330e88c2f699b0df5cc1
SSDEEP

768:eESJdOMiiq8+D7wilwK+5XGm7vdQPcPBs1AYOHW/zC2RrG:lSJYb/kieKWxQYs1AjHWLC21

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8a32c609eb73ea7a075294380d73f2caae13d2a95a361ae26d90adcb08897a7d
- Size
  
  176KB
- MD5
  
  49a91e51ab076c2ca7421e8e84d1b75c
- SHA1
  
  348915d8139112afd427ea90a1b2867a0b38d623
- SHA256
  
  8a32c609eb73ea7a075294380d73f2caae13d2a95a361ae26d90adcb08897a7d
- SHA512
  
  4b7a117f058c75f2807c8bf61f1636064f93a30ce0046c2726b6157c2aa5f373e9291b6b174a36fc381357737b292f80fa2a8e51f4ba330e88c2f699b0df5cc1
- SSDEEP
  
  768:eESJdOMiiq8+D7wilwK+5XGm7vdQPcPBs1AYOHW/zC2RrG:lSJYb/kieKWxQYs1AjHWLC21
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence