d9fe2f2f9e3c2e51578a37420109a2d16e694a7443119d12ef8aa52451594fdc | Triage

Sharing

General

Target

d9fe2f2f9e3c2e51578a37420109a2d16e694a7443119d12ef8aa52451594fdc
Size

26KB
Sample

221019-1d4w6shed9
MD5

a1973bc48b596fde96ae860918a8e704
SHA1

31b0b9187deab5a82ec38e297a8865edfdf5b114
SHA256

d9fe2f2f9e3c2e51578a37420109a2d16e694a7443119d12ef8aa52451594fdc
SHA512

79b57249209cc69e77cb35d1c548159f2bf57ed7b0a6618744f375f2b4710876042ab31ed8978dee8614a18a677e259d670007af91dcecaf19f8cf5a1e114ab3
SSDEEP

768:qoLKGnH5P5gyW3d8HXVEu5TWYxYL/vOa:sc5htW3dQEUWNDvOa

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  d9fe2f2f9e3c2e51578a37420109a2d16e694a7443119d12ef8aa52451594fdc
- Size
  
  26KB
- MD5
  
  a1973bc48b596fde96ae860918a8e704
- SHA1
  
  31b0b9187deab5a82ec38e297a8865edfdf5b114
- SHA256
  
  d9fe2f2f9e3c2e51578a37420109a2d16e694a7443119d12ef8aa52451594fdc
- SHA512
  
  79b57249209cc69e77cb35d1c548159f2bf57ed7b0a6618744f375f2b4710876042ab31ed8978dee8614a18a677e259d670007af91dcecaf19f8cf5a1e114ab3
- SSDEEP
  
  768:qoLKGnH5P5gyW3d8HXVEu5TWYxYL/vOa:sc5htW3dQEUWNDvOa
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence