dc7e2aaf7f1d93af588f20c84c8a5302297a8f19cc46437f889f01742a8aaa7b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.dzov-dc7e2aaf7f1d93af588f20c84c8a5302297a8f19cc46437f889f01742a8aaa7b
Size

232KB
Sample

221106-xf1ezsfhd8
MD5

4a8f22270a475130a1980793a83889c7
SHA1

d0e96ecd8c6665628f26ddc91bbd089120b1ed66
SHA256

dc7e2aaf7f1d93af588f20c84c8a5302297a8f19cc46437f889f01742a8aaa7b
SHA512

efb4cb79b53985d60257dd45b6c8f95dc81c4ea7f9bc41657fdaa90799de48176e7daf3014bb737d8294684a93220982eacaaf83de10c16cf1c288cddc21b6b2
SSDEEP

6144:T8GLgUq+OfLX/1JsMWH+0/65w3aS1T25CSTF9xsgNIOCDvlD:BLH9OfLv1yMt0/65AwsgzxrGXl

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  Run.exe
- Size
  
  420KB
- MD5
  
  7e9f90adb64619cd5c46c7ceef7fcc6f
- SHA1
  
  20783829834449582e5fb2095ea754f1e9f2d80f
- SHA256
  
  40e89553105fe5bdda8740326100253d03cef761fa999c07a2c386b6ae5d8408
- SHA512
  
  3c04c83bf5b92a3578e900f9b35296547b63028b23cadb934fbabebc7a730335a3d8186fdaf9c0c6b077e3770d3216df8cdae754a18c5ff11816f562fb3ca868
- SSDEEP
  
  6144:F9PoT7tob7yivKpZzKFjj6W2f/oFeYV9q0nk+mlzSOY30:LQ+bWicCjjHuAfO0nk+mszk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence