c1d37d63b2ae9e5a813e29391119b32a5a96010f4de04f736e849515258e0e8b | Triage

Sharing

General

Target

c1d37d63b2ae9e5a813e29391119b32a5a96010f4de04f736e849515258e0e8b
Size

105KB
Sample

221011-xs25caaghk
MD5

65d9c9a18d96d8c9da65a37b4c2a5572
SHA1

42660dc87fd5fa12aa452a4c5cd7fd3fa20628c3
SHA256

c1d37d63b2ae9e5a813e29391119b32a5a96010f4de04f736e849515258e0e8b
SHA512

0f845a701c29f33a83715ebfb60e5f6b881a9a1bfe00016ac4df667f425baf88ee547cb7a87e212e13490dd07566f4d20432109599cc04c4dc27c0c0b55f6928
SSDEEP

3072:pxIWTjOKItEKn/tenU6suHaqwbmrFf5j:pL3FI6+1enU6su6Jbmj

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  c1d37d63b2ae9e5a813e29391119b32a5a96010f4de04f736e849515258e0e8b
- Size
  
  105KB
- MD5
  
  65d9c9a18d96d8c9da65a37b4c2a5572
- SHA1
  
  42660dc87fd5fa12aa452a4c5cd7fd3fa20628c3
- SHA256
  
  c1d37d63b2ae9e5a813e29391119b32a5a96010f4de04f736e849515258e0e8b
- SHA512
  
  0f845a701c29f33a83715ebfb60e5f6b881a9a1bfe00016ac4df667f425baf88ee547cb7a87e212e13490dd07566f4d20432109599cc04c4dc27c0c0b55f6928
- SSDEEP
  
  3072:pxIWTjOKItEKn/tenU6suHaqwbmrFf5j:pL3FI6+1enU6su6Jbmj
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence