c3bfdc9a30d086d62cc1d17b95e45a5066d5aef772a58dc34ce19d9712256247 | Triage

Sharing

General

Target

c3bfdc9a30d086d62cc1d17b95e45a5066d5aef772a58dc34ce19d9712256247
Size

955KB
Sample

221021-frt9nsdca6
MD5

71305da50038062a1c36933557c808d0
SHA1

8c521905b1e6ecdb4d5717369fa88bb645ff43fb
SHA256

c3bfdc9a30d086d62cc1d17b95e45a5066d5aef772a58dc34ce19d9712256247
SHA512

8ab8bf03f85840642705ca0896da1e587314d58925ca47ac01e3a400eee0c6a40cb293ee38975585726457a53d4cfb61c46107e3f289e3406735386cb6a0144d
SSDEEP

12288:b4ZoCUyZtwAvAs4wTCyrPT0yq0VezaOvoJpaz/g/J/vVoS:katy/wAvN7lry0VeH8az/g/J/No

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  c3bfdc9a30d086d62cc1d17b95e45a5066d5aef772a58dc34ce19d9712256247
- Size
  
  955KB
- MD5
  
  71305da50038062a1c36933557c808d0
- SHA1
  
  8c521905b1e6ecdb4d5717369fa88bb645ff43fb
- SHA256
  
  c3bfdc9a30d086d62cc1d17b95e45a5066d5aef772a58dc34ce19d9712256247
- SHA512
  
  8ab8bf03f85840642705ca0896da1e587314d58925ca47ac01e3a400eee0c6a40cb293ee38975585726457a53d4cfb61c46107e3f289e3406735386cb6a0144d
- SSDEEP
  
  12288:b4ZoCUyZtwAvAs4wTCyrPT0yq0VezaOvoJpaz/g/J/vVoS:katy/wAvN7lry0VeH8az/g/J/No
Score

8^/10

evasion persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

evasionpersistence