3a24e9614c836957c0ffc670f660c63cc44117669dc6805fb2f79953728e717b | Triage

Sharing

General

Target

3a24e9614c836957c0ffc670f660c63cc44117669dc6805fb2f79953728e717b
Size

251KB
Sample

221003-r7719abfc7
MD5

66257a85aecf2e05f1f6c729e250a460
SHA1

2d11f10cf55b124356ea53bd1f030292b68f20ac
SHA256

3a24e9614c836957c0ffc670f660c63cc44117669dc6805fb2f79953728e717b
SHA512

bd6e832a330efa4450622f1ee85b92dc2e7826b6f0894eb83f9242a641aea5a1603bc6e0e19ef16c20256bb5dcab86aba3116c1a0a33dd1594bd9d9cb784d69b
SSDEEP

3072:zI36iNfhv+XWwKWDzN2izzUDm6QpzJ8f2mMsfzVLmC4DGYD1VIT2U2Z:zI366+XWwKWDzTIDmDsdfz4ClY4T2U2

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  3a24e9614c836957c0ffc670f660c63cc44117669dc6805fb2f79953728e717b
- Size
  
  251KB
- MD5
  
  66257a85aecf2e05f1f6c729e250a460
- SHA1
  
  2d11f10cf55b124356ea53bd1f030292b68f20ac
- SHA256
  
  3a24e9614c836957c0ffc670f660c63cc44117669dc6805fb2f79953728e717b
- SHA512
  
  bd6e832a330efa4450622f1ee85b92dc2e7826b6f0894eb83f9242a641aea5a1603bc6e0e19ef16c20256bb5dcab86aba3116c1a0a33dd1594bd9d9cb784d69b
- SSDEEP
  
  3072:zI36iNfhv+XWwKWDzN2izzUDm6QpzJ8f2mMsfzVLmC4DGYD1VIT2U2Z:zI366+XWwKWDzTIDmDsdfz4ClY4T2U2
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence