483b8f2acfb6031a755b36f15612afb3b7c2810710086ca37ba7a1f7ae1f13b6 | Triage

Sharing

General

Target

483b8f2acfb6031a755b36f15612afb3b7c2810710086ca37ba7a1f7ae1f13b6
Size

45KB
Sample

221030-wtb4wadbe5
MD5

834dd73b37cf6ad1f852c4df68f55f19
SHA1

b1edf104fa0df296fc25224bf88610ece6deb245
SHA256

483b8f2acfb6031a755b36f15612afb3b7c2810710086ca37ba7a1f7ae1f13b6
SHA512

4e6a09089700ee2d7071a0a674241a1b96438f0a544696a77364c0dfcdac9f707e2a674f1c7755954eca15a03dd87fe77ed7543877b456630553b9f208a32215
SSDEEP

768:NUmTIj8ycl8s598HIAQvI9Dq3U6+frYxKwkWyMRy7FFesX8gmU7AwXEPz7vNGOST:RSS/G9UPz7pS

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  483b8f2acfb6031a755b36f15612afb3b7c2810710086ca37ba7a1f7ae1f13b6
- Size
  
  45KB
- MD5
  
  834dd73b37cf6ad1f852c4df68f55f19
- SHA1
  
  b1edf104fa0df296fc25224bf88610ece6deb245
- SHA256
  
  483b8f2acfb6031a755b36f15612afb3b7c2810710086ca37ba7a1f7ae1f13b6
- SHA512
  
  4e6a09089700ee2d7071a0a674241a1b96438f0a544696a77364c0dfcdac9f707e2a674f1c7755954eca15a03dd87fe77ed7543877b456630553b9f208a32215
- SSDEEP
  
  768:NUmTIj8ycl8s598HIAQvI9Dq3U6+frYxKwkWyMRy7FFesX8gmU7AwXEPz7vNGOST:RSS/G9UPz7pS
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence