a67d6c32742b3937c9237479a88a3247a1b6b70172832d5cf3fdbb1525782032 | Triage

Sharing

General

Target

a67d6c32742b3937c9237479a88a3247a1b6b70172832d5cf3fdbb1525782032
Size

36KB
Sample

221106-vnxyqacfc4
MD5

0eddedccc322a06b4ae8113d1aaa0860
SHA1

e17b13f770eb005af5e62644f9a41579fbb61f6b
SHA256

a67d6c32742b3937c9237479a88a3247a1b6b70172832d5cf3fdbb1525782032
SHA512

d8def2d04d9020c4c2553e4def11909d60141e9e678146016c577c5fd5a057d26393e5dbbc8874c410578f1435961c4d1a66846c8ead85fd6671af9b9a34a755
SSDEEP

384:gcV6VCYWFbxW6eHniHRGlR83kM9+3lOkCTevb1HXwTJ4MLhjW3/yqgn2Aq0gj2Bz:nECv4CHRrUV3gkmejGTJzovy9GjE27a

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  a67d6c32742b3937c9237479a88a3247a1b6b70172832d5cf3fdbb1525782032
- Size
  
  36KB
- MD5
  
  0eddedccc322a06b4ae8113d1aaa0860
- SHA1
  
  e17b13f770eb005af5e62644f9a41579fbb61f6b
- SHA256
  
  a67d6c32742b3937c9237479a88a3247a1b6b70172832d5cf3fdbb1525782032
- SHA512
  
  d8def2d04d9020c4c2553e4def11909d60141e9e678146016c577c5fd5a057d26393e5dbbc8874c410578f1435961c4d1a66846c8ead85fd6671af9b9a34a755
- SSDEEP
  
  384:gcV6VCYWFbxW6eHniHRGlR83kM9+3lOkCTevb1HXwTJ4MLhjW3/yqgn2Aq0gj2Bz:nECv4CHRrUV3gkmejGTJzovy9GjE27a
Score

10^/10

evasion
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2