8f26c24b6b78a631db0850fe3358c31be3ccff69e9018127fda2a00c61869bd7 | Triage

Sharing

General

Target

8f26c24b6b78a631db0850fe3358c31be3ccff69e9018127fda2a00c61869bd7
Size

154KB
Sample

221029-28hsvsbca6
MD5

4dfc6fd0aa6d7d397e19c0749a089210
SHA1

2a1ae383d6cfe187307bf1860982642bc864a2c7
SHA256

8f26c24b6b78a631db0850fe3358c31be3ccff69e9018127fda2a00c61869bd7
SHA512

b16f2235c064cc2899aad9bb162a96b737fc608ced45938a612cd6fd6f51fc679a7f7a525d9df778a33cb5484253b036a568a0798cba504140de2c8e35233821
SSDEEP

3072:JhebBAqtYA4FVb/NFiVDcVyH5q/hUAR+ifVj+lp2SXahfUBojVf+RDG:2ABLFlXLVk5quAhqlMjfU2yD

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8f26c24b6b78a631db0850fe3358c31be3ccff69e9018127fda2a00c61869bd7
- Size
  
  154KB
- MD5
  
  4dfc6fd0aa6d7d397e19c0749a089210
- SHA1
  
  2a1ae383d6cfe187307bf1860982642bc864a2c7
- SHA256
  
  8f26c24b6b78a631db0850fe3358c31be3ccff69e9018127fda2a00c61869bd7
- SHA512
  
  b16f2235c064cc2899aad9bb162a96b737fc608ced45938a612cd6fd6f51fc679a7f7a525d9df778a33cb5484253b036a568a0798cba504140de2c8e35233821
- SSDEEP
  
  3072:JhebBAqtYA4FVb/NFiVDcVyH5q/hUAR+ifVj+lp2SXahfUBojVf+RDG:2ABLFlXLVk5quAhqlMjfU2yD
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence