0bc5e20c0b1f2525f42dea05a910d2029ccb4b382aaa9d038cbfa0b2cf69314f | Triage

Sharing

General

Target

0bc5e20c0b1f2525f42dea05a910d2029ccb4b382aaa9d038cbfa0b2cf69314f
Size

157KB
Sample

221020-zhzycaeab4
MD5

9699cb8fa1899f4d53044aae564f12d0
SHA1

1b2864d52e2bc5e9440b5bf90640c773e7fbfd03
SHA256

0bc5e20c0b1f2525f42dea05a910d2029ccb4b382aaa9d038cbfa0b2cf69314f
SHA512

d8d5c9f54e3bfa851d0b615bb7e9505071314080a8846d8a6a0717b94aa795f8881b43d3b7e4cef3d24b7fe2d65e92d37972cb9255c252719b276ee0c4caf439
SSDEEP

3072:VY+XZTVGSMZuTHZIxYFwMGJS19tSoN0m2cYdt6PdMmcvZ68:Ra7s+CnGJS19v0ZcYGPumcvZX

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0bc5e20c0b1f2525f42dea05a910d2029ccb4b382aaa9d038cbfa0b2cf69314f
- Size
  
  157KB
- MD5
  
  9699cb8fa1899f4d53044aae564f12d0
- SHA1
  
  1b2864d52e2bc5e9440b5bf90640c773e7fbfd03
- SHA256
  
  0bc5e20c0b1f2525f42dea05a910d2029ccb4b382aaa9d038cbfa0b2cf69314f
- SHA512
  
  d8d5c9f54e3bfa851d0b615bb7e9505071314080a8846d8a6a0717b94aa795f8881b43d3b7e4cef3d24b7fe2d65e92d37972cb9255c252719b276ee0c4caf439
- SSDEEP
  
  3072:VY+XZTVGSMZuTHZIxYFwMGJS19tSoN0m2cYdt6PdMmcvZ68:Ra7s+CnGJS19v0ZcYGPumcvZX
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence