903caa0741f60235cf6b216a1d7125ee175a5d1be7c2576d059b958284738439 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

903caa0741f60235cf6b216a1d7125ee175a5d1be7c2576d059b958284738439
Size

43KB
Sample

221004-h77k2sheal
MD5

444549cce0aaa1d5adab4302dcd23411
SHA1

9a4d9283e78cfd024ced4f89ce3c085564f6e3d7
SHA256

903caa0741f60235cf6b216a1d7125ee175a5d1be7c2576d059b958284738439
SHA512

ab445636d41401f38a1f4c00f431763edbcfa550404656cfd5dbaea779842a504edc46c015358cf3ffbf1b97587280273e20f153ba6ac464435f3fb80a5cee08
SSDEEP

768:bYZB38+7i5VSck+7YrK9eTO2ww5c1T6H8jHfYqvtO1qJIr1xCSN7Y7JIHCCjPkar:MqenMSU36N8SAIHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  903caa0741f60235cf6b216a1d7125ee175a5d1be7c2576d059b958284738439
- Size
  
  43KB
- MD5
  
  444549cce0aaa1d5adab4302dcd23411
- SHA1
  
  9a4d9283e78cfd024ced4f89ce3c085564f6e3d7
- SHA256
  
  903caa0741f60235cf6b216a1d7125ee175a5d1be7c2576d059b958284738439
- SHA512
  
  ab445636d41401f38a1f4c00f431763edbcfa550404656cfd5dbaea779842a504edc46c015358cf3ffbf1b97587280273e20f153ba6ac464435f3fb80a5cee08
- SSDEEP
  
  768:bYZB38+7i5VSck+7YrK9eTO2ww5c1T6H8jHfYqvtO1qJIr1xCSN7Y7JIHCCjPkar:MqenMSU36N8SAIHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence