cc9724f98f41ec67739b6bbcb818b353f3864db86f4cba7ce5c8c9b24c5941d6 | Triage

Sharing

General

Target

cc9724f98f41ec67739b6bbcb818b353f3864db86f4cba7ce5c8c9b24c5941d6
Size

707KB
Sample

221020-x8j9gabeak
MD5

a0010ef73af346827f58019702999e80
SHA1

26dbc97cb76284cd2a74171cdd73b67a6a1bef77
SHA256

cc9724f98f41ec67739b6bbcb818b353f3864db86f4cba7ce5c8c9b24c5941d6
SHA512

bf64e387e19a642e22e8285b47f5c945056b217029b8b39fb94ea0b7b5873852b584cdd4a5167c90b2a89378df67a802b5437ccfe731c970ef7f72703790d039
SSDEEP

12288:vApKlLJ7PZ6BtorUU/4eb5A7t9SP5ZOhXmtfICEc34o7yBSjY/AHCFvitJJH3hmx:4Yl3EtSd5AjhXoACEfo7BjY/AHCFvcJc

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  cc9724f98f41ec67739b6bbcb818b353f3864db86f4cba7ce5c8c9b24c5941d6
- Size
  
  707KB
- MD5
  
  a0010ef73af346827f58019702999e80
- SHA1
  
  26dbc97cb76284cd2a74171cdd73b67a6a1bef77
- SHA256
  
  cc9724f98f41ec67739b6bbcb818b353f3864db86f4cba7ce5c8c9b24c5941d6
- SHA512
  
  bf64e387e19a642e22e8285b47f5c945056b217029b8b39fb94ea0b7b5873852b584cdd4a5167c90b2a89378df67a802b5437ccfe731c970ef7f72703790d039
- SSDEEP
  
  12288:vApKlLJ7PZ6BtorUU/4eb5A7t9SP5ZOhXmtfICEc34o7yBSjY/AHCFvitJJH3hmx:4Yl3EtSd5AjhXoACEfo7BjY/AHCFvcJc
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence