1b53067065b9271a5848e8a51fcfcf2f6c6f4005247ec0d29f8a3b0e4c27cdf3 | Triage

Sharing

General

Target

1b53067065b9271a5848e8a51fcfcf2f6c6f4005247ec0d29f8a3b0e4c27cdf3
Size

102KB
Sample

221011-xa78mshfe3
MD5

6b0ec0eb49cc3e7847a3405be5302620
SHA1

07d7e33b67f569c5a8a509bd94eb6a4b83adc20a
SHA256

1b53067065b9271a5848e8a51fcfcf2f6c6f4005247ec0d29f8a3b0e4c27cdf3
SHA512

84917550d459dd24737085e88972c239a6aa74075ad377c70269d43b63151b401d441a0cb4f47fcc626d3984d6c7b8dff238acda41831ac2977b920b921ec8bb
SSDEEP

1536:z2oWR72UygYnzuquApbYpwn0rplH5SGTKKolVPh9A0Rw3kcbKmgHj:zpWR72UygWYAeVH5z+KsV8ABlj

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  1b53067065b9271a5848e8a51fcfcf2f6c6f4005247ec0d29f8a3b0e4c27cdf3
- Size
  
  102KB
- MD5
  
  6b0ec0eb49cc3e7847a3405be5302620
- SHA1
  
  07d7e33b67f569c5a8a509bd94eb6a4b83adc20a
- SHA256
  
  1b53067065b9271a5848e8a51fcfcf2f6c6f4005247ec0d29f8a3b0e4c27cdf3
- SHA512
  
  84917550d459dd24737085e88972c239a6aa74075ad377c70269d43b63151b401d441a0cb4f47fcc626d3984d6c7b8dff238acda41831ac2977b920b921ec8bb
- SSDEEP
  
  1536:z2oWR72UygYnzuquApbYpwn0rplH5SGTKKolVPh9A0Rw3kcbKmgHj:zpWR72UygWYAeVH5z+KsV8ABlj
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence