5780a4434a4fac338b5e8ab22d4c4f18ff7fb85ddc6fd404cec3ec59bf79401f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5780a4434a4fac338b5e8ab22d4c4f18ff7fb85ddc6fd404cec3ec59bf79401f
Size

145KB
Sample

221029-28dtxabghn
MD5

434991533b9ecc6e5b382ce5fab71d30
SHA1

a1bf9fdd54c5af9097603df80d25e7f62ac3880c
SHA256

5780a4434a4fac338b5e8ab22d4c4f18ff7fb85ddc6fd404cec3ec59bf79401f
SHA512

7481dd68950a6bb8f77c59cbba74bb0073ead80d788f74916522db4c2b3d4546268252940e8ae959c10d408e3a43d75431cca285e239af71412321584b0c0108
SSDEEP

3072:q9/DcxjdZ1r0Rt8dmskg5KfkThXYMpB4d4dXRsfxrwqipIGpyCvU:w/DsdZ14oYK7B84TxqiBU

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  5780a4434a4fac338b5e8ab22d4c4f18ff7fb85ddc6fd404cec3ec59bf79401f
- Size
  
  145KB
- MD5
  
  434991533b9ecc6e5b382ce5fab71d30
- SHA1
  
  a1bf9fdd54c5af9097603df80d25e7f62ac3880c
- SHA256
  
  5780a4434a4fac338b5e8ab22d4c4f18ff7fb85ddc6fd404cec3ec59bf79401f
- SHA512
  
  7481dd68950a6bb8f77c59cbba74bb0073ead80d788f74916522db4c2b3d4546268252940e8ae959c10d408e3a43d75431cca285e239af71412321584b0c0108
- SSDEEP
  
  3072:q9/DcxjdZ1r0Rt8dmskg5KfkThXYMpB4d4dXRsfxrwqipIGpyCvU:w/DsdZ14oYK7B84TxqiBU
Score

8^/10

evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2