f5366a6ba2ca9b2802d79b58cb8741d5044921ffd6c1947053fb6cdc726297cf | Triage

Sharing

General

Target

f5366a6ba2ca9b2802d79b58cb8741d5044921ffd6c1947053fb6cdc726297cf
Size

111KB
Sample

221011-kjnt5sefbn
MD5

7bf66cc8b59405f094f888e9288c3193
SHA1

57e50078af3afdc73bb1afaafee8fd37ff378a29
SHA256

f5366a6ba2ca9b2802d79b58cb8741d5044921ffd6c1947053fb6cdc726297cf
SHA512

2cc2ecb4e74ac3192ee98955b91c888130bf8adf78f778f2628dea0b38d8aab7d6fb0d3b841e6e01b5656b2e8a38014d410d0bda12e70e46a6f30d8ba58fc1bd
SSDEEP

1536:58DhEmyiDdKzGIXP1z8ykqgR/QM1cl9+GvoQ+1cs2lQJvEeP2z8Ooad+y1iz3/7J:GhM4dKzPrkNR/QM1cli20mJoty1ir7J

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  f5366a6ba2ca9b2802d79b58cb8741d5044921ffd6c1947053fb6cdc726297cf
- Size
  
  111KB
- MD5
  
  7bf66cc8b59405f094f888e9288c3193
- SHA1
  
  57e50078af3afdc73bb1afaafee8fd37ff378a29
- SHA256
  
  f5366a6ba2ca9b2802d79b58cb8741d5044921ffd6c1947053fb6cdc726297cf
- SHA512
  
  2cc2ecb4e74ac3192ee98955b91c888130bf8adf78f778f2628dea0b38d8aab7d6fb0d3b841e6e01b5656b2e8a38014d410d0bda12e70e46a6f30d8ba58fc1bd
- SSDEEP
  
  1536:58DhEmyiDdKzGIXP1z8ykqgR/QM1cl9+GvoQ+1cs2lQJvEeP2z8Ooad+y1iz3/7J:GhM4dKzPrkNR/QM1cli20mJoty1ir7J
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2