c219e0ab4eb019b5bcb15575d699fa4cbb9184b9a99dbab08e6d649393a9caa5 | Triage

Sharing

General

Target

c219e0ab4eb019b5bcb15575d699fa4cbb9184b9a99dbab08e6d649393a9caa5
Size

396KB
Sample

221012-v4mgxsdfb5
MD5

64b89d936146984acaffdf44de80a070
SHA1

bbaa2298533b261cf0d045522037065ef28a8def
SHA256

c219e0ab4eb019b5bcb15575d699fa4cbb9184b9a99dbab08e6d649393a9caa5
SHA512

305bcb066e35d2a954895ce6671be24444fc5d3df34653f8f3989747bf0e6cbc19c7c7056154f3382c5bd4d53cdbc7981844531602748f0db63780dbb2584dd7
SSDEEP

12288:K6T9DJb2QIJ/lwXiDHZ/L7onty+5AKiZTKPwIu:K6dB2LJ/lEO5/LcjAKiZTKPhu

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  c219e0ab4eb019b5bcb15575d699fa4cbb9184b9a99dbab08e6d649393a9caa5
- Size
  
  396KB
- MD5
  
  64b89d936146984acaffdf44de80a070
- SHA1
  
  bbaa2298533b261cf0d045522037065ef28a8def
- SHA256
  
  c219e0ab4eb019b5bcb15575d699fa4cbb9184b9a99dbab08e6d649393a9caa5
- SHA512
  
  305bcb066e35d2a954895ce6671be24444fc5d3df34653f8f3989747bf0e6cbc19c7c7056154f3382c5bd4d53cdbc7981844531602748f0db63780dbb2584dd7
- SSDEEP
  
  12288:K6T9DJb2QIJ/lwXiDHZ/L7onty+5AKiZTKPwIu:K6dB2LJ/lEO5/LcjAKiZTKPhu
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence