426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79 | Triage

Sharing

General

Target

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79
Size

500KB
Sample

221106-g8ljjagah2
MD5

3347552aa09c4c82643bb8208f10dfe0
SHA1

455c324106cce3ea37fc3620bcacd96311f4d1ab
SHA256

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79
SHA512

6c98c94e39dc9b6672dee53298cd32bd2af79df4dd93258c693514a311560a6bf04e2efed4d26d431eceb8ee30c11694cbfd361471752e8370ede694de91a789
SSDEEP

12288:e+vMwQh85td43o3XD9b3wgGY8QKqRWFn5:e+EwFtdXD1ggGY8F15

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79
- Size
  
  500KB
- MD5
  
  3347552aa09c4c82643bb8208f10dfe0
- SHA1
  
  455c324106cce3ea37fc3620bcacd96311f4d1ab
- SHA256
  
  426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79
- SHA512
  
  6c98c94e39dc9b6672dee53298cd32bd2af79df4dd93258c693514a311560a6bf04e2efed4d26d431eceb8ee30c11694cbfd361471752e8370ede694de91a789
- SSDEEP
  
  12288:e+vMwQh85td43o3XD9b3wgGY8QKqRWFn5:e+EwFtdXD1ggGY8F15
Score

10^/10

persistence evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2