e9cfd9c3fa2c0245f9fe8d005af91400773c90e98af4cd3dc8bb4134f61a5391 | Triage

Sharing

General

Target

e9cfd9c3fa2c0245f9fe8d005af91400773c90e98af4cd3dc8bb4134f61a5391
Size

43KB
Sample

221020-tpwllscggk
MD5

80a0ec46d9a3ccf934a093fb9a0aea50
SHA1

d6c9af634ad4fc99254aa1a93905a107d9c39e7e
SHA256

e9cfd9c3fa2c0245f9fe8d005af91400773c90e98af4cd3dc8bb4134f61a5391
SHA512

7f092123026db26c344016c38c98f858e44b4062c380fd49106d5e5f637ea13dd868e62b5aa4f4c14e3c233993951f6a344f378ac4376c930f18bcdfd0e79deb
SSDEEP

768:TCiVL8OfeVLmSQ4CzsrLW92Ta2MP5k1a6HAjHeWqvtW1ZXTcZ1Lu3NvY41c0MHCT:3czC2LlDQ6iZyy3hY4uHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e9cfd9c3fa2c0245f9fe8d005af91400773c90e98af4cd3dc8bb4134f61a5391
- Size
  
  43KB
- MD5
  
  80a0ec46d9a3ccf934a093fb9a0aea50
- SHA1
  
  d6c9af634ad4fc99254aa1a93905a107d9c39e7e
- SHA256
  
  e9cfd9c3fa2c0245f9fe8d005af91400773c90e98af4cd3dc8bb4134f61a5391
- SHA512
  
  7f092123026db26c344016c38c98f858e44b4062c380fd49106d5e5f637ea13dd868e62b5aa4f4c14e3c233993951f6a344f378ac4376c930f18bcdfd0e79deb
- SSDEEP
  
  768:TCiVL8OfeVLmSQ4CzsrLW92Ta2MP5k1a6HAjHeWqvtW1ZXTcZ1Lu3NvY41c0MHCT:3czC2LlDQ6iZyy3hY4uHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence