e9fa29db41e9d557dacc5898e0dfaa3a4681e6b3f49e5e45f0abab1d31992507 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9fa29db41e9d557dacc5898e0dfaa3a4681e6b3f49e5e45f0abab1d31992507
Size

271KB
Sample

221030-nx8m9aadbk
MD5

92c7a530356c9dc82b9526fb57b1c940
SHA1

4c7e330701c86fc04524dcc52016d72159ffd36a
SHA256

e9fa29db41e9d557dacc5898e0dfaa3a4681e6b3f49e5e45f0abab1d31992507
SHA512

5ba11c5a31dee93083802ef63804465fc6ab854471c7e28babcb1aa4af26cceeda5973cece2366635fb86afaab2578dfbf826305f67a1e08ca8dba34c6067698
SSDEEP

6144:hHsfYF9flXsT6oWDOckuj9BediPLj+I5i:hHsfy9flcT6fkYBiiN5i

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e9fa29db41e9d557dacc5898e0dfaa3a4681e6b3f49e5e45f0abab1d31992507
- Size
  
  271KB
- MD5
  
  92c7a530356c9dc82b9526fb57b1c940
- SHA1
  
  4c7e330701c86fc04524dcc52016d72159ffd36a
- SHA256
  
  e9fa29db41e9d557dacc5898e0dfaa3a4681e6b3f49e5e45f0abab1d31992507
- SHA512
  
  5ba11c5a31dee93083802ef63804465fc6ab854471c7e28babcb1aa4af26cceeda5973cece2366635fb86afaab2578dfbf826305f67a1e08ca8dba34c6067698
- SSDEEP
  
  6144:hHsfYF9flXsT6oWDOckuj9BediPLj+I5i:hHsfy9flcT6fkYBiiN5i
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence