1ad8a3be7aa2bfaac7435d6088d8cef4f7913ec20da2f3bd900cd3eb58b89342 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ad8a3be7aa2bfaac7435d6088d8cef4f7913ec20da2f3bd900cd3eb58b89342
Size

179KB
Sample

221029-2zae5abdek
MD5

a3a346ba3395387e2e6186a6b894fab0
SHA1

a890a741c351424ebe17c6d9e76d4433d167efc7
SHA256

1ad8a3be7aa2bfaac7435d6088d8cef4f7913ec20da2f3bd900cd3eb58b89342
SHA512

95e0089143c48db25508c2a572c2f5dd106f76246ca2f9d69b1a491b9601ed231532bbd55eea91d38977dab4d2db92ccb348d045fc442afad6a876b4ee14b52d
SSDEEP

3072:lmgYLN3eDarERVQcGM22D9nEWUKfZXhHrkxypOwWWF/xhPTcAclSDqe34jSWKUUO:lmgYLN3Ca4QcGM22D9nEWUkZXhHrkxy4

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  1ad8a3be7aa2bfaac7435d6088d8cef4f7913ec20da2f3bd900cd3eb58b89342
- Size
  
  179KB
- MD5
  
  a3a346ba3395387e2e6186a6b894fab0
- SHA1
  
  a890a741c351424ebe17c6d9e76d4433d167efc7
- SHA256
  
  1ad8a3be7aa2bfaac7435d6088d8cef4f7913ec20da2f3bd900cd3eb58b89342
- SHA512
  
  95e0089143c48db25508c2a572c2f5dd106f76246ca2f9d69b1a491b9601ed231532bbd55eea91d38977dab4d2db92ccb348d045fc442afad6a876b4ee14b52d
- SSDEEP
  
  3072:lmgYLN3eDarERVQcGM22D9nEWUKfZXhHrkxypOwWWF/xhPTcAclSDqe34jSWKUUO:lmgYLN3Ca4QcGM22D9nEWUkZXhHrkxy4
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence