3b06198a4c26910a48d8aa82745c66a7c19d039f3da6b93d8bbe2359fa42f520 | Triage

Sharing

General

Target

3b06198a4c26910a48d8aa82745c66a7c19d039f3da6b93d8bbe2359fa42f520
Size

43KB
Sample

221107-et6vtaaefr
MD5

06948f3af0a772a23d20a46cac52fa60
SHA1

957ef61f9d4d3ea050a5c062ae12996febb91f3a
SHA256

3b06198a4c26910a48d8aa82745c66a7c19d039f3da6b93d8bbe2359fa42f520
SHA512

3096f57da95dc8364abef5cdd9ce9f352a0e678d9f2ef383154f356659648e2d6d3fb5395e96fec456c266e7980cddd4bd26131448dd85574bb3f9ce0956e0ef
SSDEEP

768:ruD/1865QbrS+eUfOrm9uTx22R581J6HqYjHn2qvtK18/E71bToNVGnsHCCjPkax:MKuchsvR21XobHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  3b06198a4c26910a48d8aa82745c66a7c19d039f3da6b93d8bbe2359fa42f520
- Size
  
  43KB
- MD5
  
  06948f3af0a772a23d20a46cac52fa60
- SHA1
  
  957ef61f9d4d3ea050a5c062ae12996febb91f3a
- SHA256
  
  3b06198a4c26910a48d8aa82745c66a7c19d039f3da6b93d8bbe2359fa42f520
- SHA512
  
  3096f57da95dc8364abef5cdd9ce9f352a0e678d9f2ef383154f356659648e2d6d3fb5395e96fec456c266e7980cddd4bd26131448dd85574bb3f9ce0956e0ef
- SSDEEP
  
  768:ruD/1865QbrS+eUfOrm9uTx22R581J6HqYjHn2qvtK18/E71bToNVGnsHCCjPkax:MKuchsvR21XobHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence