b881e4bb7c643881f3e5ca1160249c27a8d5fcb94c70eb956e9b25721dd39d90 | Triage

Sharing

General

Target

b881e4bb7c643881f3e5ca1160249c27a8d5fcb94c70eb956e9b25721dd39d90
Size

95KB
Sample

221003-sw9alsdaar
MD5

58a3a2f9ab8d0aded4f00ed461bd82e0
SHA1

f9162b42a57b262248132c2eb891740d3ee09519
SHA256

b881e4bb7c643881f3e5ca1160249c27a8d5fcb94c70eb956e9b25721dd39d90
SHA512

9c83cee920147101e1d3ec87a749910adaed6c6ac9241ff5cc938980c6f1b176f1a1879bf390cd1a1d8ffdf011bb44c65475529157de6b9e2746c3d257e10448
SSDEEP

1536:G5JniwE6tDml/ueQ8r9nTkD84wVNgn8wOBCxYHy/MfK/ptM5Bg0K8dpKI4f:GNEebwN9wAL7AW/K97

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b881e4bb7c643881f3e5ca1160249c27a8d5fcb94c70eb956e9b25721dd39d90
- Size
  
  95KB
- MD5
  
  58a3a2f9ab8d0aded4f00ed461bd82e0
- SHA1
  
  f9162b42a57b262248132c2eb891740d3ee09519
- SHA256
  
  b881e4bb7c643881f3e5ca1160249c27a8d5fcb94c70eb956e9b25721dd39d90
- SHA512
  
  9c83cee920147101e1d3ec87a749910adaed6c6ac9241ff5cc938980c6f1b176f1a1879bf390cd1a1d8ffdf011bb44c65475529157de6b9e2746c3d257e10448
- SSDEEP
  
  1536:G5JniwE6tDml/ueQ8r9nTkD84wVNgn8wOBCxYHy/MfK/ptM5Bg0K8dpKI4f:GNEebwN9wAL7AW/K97
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence