d4d1de44a7abca4b8c8cb0696fcdf8cbb4b08f249378c450c5d23d214896db65 | Triage

Sharing

General

Target

d4d1de44a7abca4b8c8cb0696fcdf8cbb4b08f249378c450c5d23d214896db65
Size

156KB
Sample

221029-3clqbabdf5
MD5

84beceb25dc157b965c94dad4c057cf0
SHA1

fb31b194d575173a4fb5586b68a040237acacde1
SHA256

d4d1de44a7abca4b8c8cb0696fcdf8cbb4b08f249378c450c5d23d214896db65
SHA512

77a143d663e27d31c8f8afd4be596b1a8d8bf69fcec20cc68eaa7936ae9212f2585ba458d9c42addf4f41166f43ab2738e5a481afe764073f706d101d4751dea
SSDEEP

3072:PP0Yoqcwx6cYKToU/uwXbVVOQraBIpPQMPozgEAQIIO:3WqlsUuwWQraBCDorAB

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  d4d1de44a7abca4b8c8cb0696fcdf8cbb4b08f249378c450c5d23d214896db65
- Size
  
  156KB
- MD5
  
  84beceb25dc157b965c94dad4c057cf0
- SHA1
  
  fb31b194d575173a4fb5586b68a040237acacde1
- SHA256
  
  d4d1de44a7abca4b8c8cb0696fcdf8cbb4b08f249378c450c5d23d214896db65
- SHA512
  
  77a143d663e27d31c8f8afd4be596b1a8d8bf69fcec20cc68eaa7936ae9212f2585ba458d9c42addf4f41166f43ab2738e5a481afe764073f706d101d4751dea
- SSDEEP
  
  3072:PP0Yoqcwx6cYKToU/uwXbVVOQraBIpPQMPozgEAQIIO:3WqlsUuwWQraBCDorAB
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence