04f7a8e9a8a1031fe34496d0729f8eef3f9fa6d04b9369116fdd7aeab95a3e87 | Triage

Sharing

General

Target

04f7a8e9a8a1031fe34496d0729f8eef3f9fa6d04b9369116fdd7aeab95a3e87
Size

143KB
Sample

221003-sqmvescee3
MD5

66839a5f934952806eea150d2a022140
SHA1

f727ff85a05706b1f36ff9aa8eedba1547768ceb
SHA256

04f7a8e9a8a1031fe34496d0729f8eef3f9fa6d04b9369116fdd7aeab95a3e87
SHA512

40846ef26183488b0e5e6b4840da89d5e4137a912712c6024a95650205ccc1dddaf65cae7982f8655a2426ed082009fa06c0c33d123efce6207ce1854d25b17b
SSDEEP

3072:YCm/+JvYipDHV4pG6XM8ouZ3bsrDVtWp1MDyGDQcPgOAJocmBeAyBdXRPXyNx7kP:YCm/+JvrDHVGG6X6uZ3bsrJtWp1MDyG7

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  04f7a8e9a8a1031fe34496d0729f8eef3f9fa6d04b9369116fdd7aeab95a3e87
- Size
  
  143KB
- MD5
  
  66839a5f934952806eea150d2a022140
- SHA1
  
  f727ff85a05706b1f36ff9aa8eedba1547768ceb
- SHA256
  
  04f7a8e9a8a1031fe34496d0729f8eef3f9fa6d04b9369116fdd7aeab95a3e87
- SHA512
  
  40846ef26183488b0e5e6b4840da89d5e4137a912712c6024a95650205ccc1dddaf65cae7982f8655a2426ed082009fa06c0c33d123efce6207ce1854d25b17b
- SSDEEP
  
  3072:YCm/+JvYipDHV4pG6XM8ouZ3bsrDVtWp1MDyGDQcPgOAJocmBeAyBdXRPXyNx7kP:YCm/+JvrDHVGG6X6uZ3bsrJtWp1MDyG7
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence