ee4df0d90e8f30fe427a964b21c19c709d2c76ac23bc5640d75fd9763c21ddf3 | Triage

Sharing

General

Target

ee4df0d90e8f30fe427a964b21c19c709d2c76ac23bc5640d75fd9763c21ddf3
Size

146KB
Sample

221106-hrwhvabdgm
MD5

24a71f31d4a0d6b686a956068105d280
SHA1

da57a74da470fdecdb10066f2e582f388fc05ace
SHA256

ee4df0d90e8f30fe427a964b21c19c709d2c76ac23bc5640d75fd9763c21ddf3
SHA512

f85a94a17dc3d2f34cbce5dd8152c354f365befb1204df6581e706c8fa479b7f5c3ad8b319efc60463f7a7ce611352c25bdf569ababd09e8d172242b2e771f27
SSDEEP

1536:fK5VRJxT398vMcxotyeQgdpVgO6k0NgnjfaL/q1U56w/v0P50g3xY8le9jzK7tlm:avvaEcCXdugjfaL/q1vBbxRuw34/GZy

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ee4df0d90e8f30fe427a964b21c19c709d2c76ac23bc5640d75fd9763c21ddf3
- Size
  
  146KB
- MD5
  
  24a71f31d4a0d6b686a956068105d280
- SHA1
  
  da57a74da470fdecdb10066f2e582f388fc05ace
- SHA256
  
  ee4df0d90e8f30fe427a964b21c19c709d2c76ac23bc5640d75fd9763c21ddf3
- SHA512
  
  f85a94a17dc3d2f34cbce5dd8152c354f365befb1204df6581e706c8fa479b7f5c3ad8b319efc60463f7a7ce611352c25bdf569ababd09e8d172242b2e771f27
- SSDEEP
  
  1536:fK5VRJxT398vMcxotyeQgdpVgO6k0NgnjfaL/q1U56w/v0P50g3xY8le9jzK7tlm:avvaEcCXdugjfaL/q1vBbxRuw34/GZy
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence