ec2466c578721e62dfc5a36d854360ec850dc3695fed4acd5c4b84f08b955a4c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec2466c578721e62dfc5a36d854360ec850dc3695fed4acd5c4b84f08b955a4c
Size

101KB
Sample

221029-btpdzsfffr
MD5

0eb0c7d9ae4c97f7b398984fd06846e0
SHA1

d45a119730fc9cad5d1869ea041958912d87d639
SHA256

ec2466c578721e62dfc5a36d854360ec850dc3695fed4acd5c4b84f08b955a4c
SHA512

f8ae321caf0b95814bf08c38418e469a3cbdd650918e0c464cb57ab110d417fb572b52c3e0282738f1aa18ae8dc9c8dfeb0172a9239687a208b2528699f8480a
SSDEEP

3072:0R7EDnH10Ntlor1pKPAW+mnu1TKLnym76C7T8RMS:VGlWi3TT0f

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ec2466c578721e62dfc5a36d854360ec850dc3695fed4acd5c4b84f08b955a4c
- Size
  
  101KB
- MD5
  
  0eb0c7d9ae4c97f7b398984fd06846e0
- SHA1
  
  d45a119730fc9cad5d1869ea041958912d87d639
- SHA256
  
  ec2466c578721e62dfc5a36d854360ec850dc3695fed4acd5c4b84f08b955a4c
- SHA512
  
  f8ae321caf0b95814bf08c38418e469a3cbdd650918e0c464cb57ab110d417fb572b52c3e0282738f1aa18ae8dc9c8dfeb0172a9239687a208b2528699f8480a
- SSDEEP
  
  3072:0R7EDnH10Ntlor1pKPAW+mnu1TKLnym76C7T8RMS:VGlWi3TT0f
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence