863045b88a4260d8311695e8e65dae5b7d46584ceccaf3e1382b70c4dfe0f17b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

863045b88a4260d8311695e8e65dae5b7d46584ceccaf3e1382b70c4dfe0f17b
Size

43KB
Sample

221020-ke65xsdehm
MD5

812c47979a057a35c0388845ceef83a0
SHA1

1b15a3d987ae357f936aac11ff1c27076527de70
SHA256

863045b88a4260d8311695e8e65dae5b7d46584ceccaf3e1382b70c4dfe0f17b
SHA512

b4345b2257830c7dee2286e72ed098265379a258d7dc30d99ee4cebd4ae3dae0b97ffdc6d9fb55c67154316dbe92752c255dedbdf4868a2e4752205e3757d9ad
SSDEEP

768:N62h17Ru4g0EWZYIxXNdZlnTM4I0yG2GEwCHWkB:rRgsYIxXD/I0H2GE4K

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  863045b88a4260d8311695e8e65dae5b7d46584ceccaf3e1382b70c4dfe0f17b
- Size
  
  43KB
- MD5
  
  812c47979a057a35c0388845ceef83a0
- SHA1
  
  1b15a3d987ae357f936aac11ff1c27076527de70
- SHA256
  
  863045b88a4260d8311695e8e65dae5b7d46584ceccaf3e1382b70c4dfe0f17b
- SHA512
  
  b4345b2257830c7dee2286e72ed098265379a258d7dc30d99ee4cebd4ae3dae0b97ffdc6d9fb55c67154316dbe92752c255dedbdf4868a2e4752205e3757d9ad
- SSDEEP
  
  768:N62h17Ru4g0EWZYIxXNdZlnTM4I0yG2GEwCHWkB:rRgsYIxXD/I0H2GE4K
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence