14dff9b05db1a48a4a138a6d4c545a23d54f12a67a70afe2e58267cdb416d05e | Triage

Sharing

General

Target

14dff9b05db1a48a4a138a6d4c545a23d54f12a67a70afe2e58267cdb416d05e
Size

200KB
Sample

221107-r6blnaeehm
MD5

14825d0b4628a8d8d7d3d863394a15c0
SHA1

18eecdcfc96961a41794bf684b87a5bddeda1083
SHA256

14dff9b05db1a48a4a138a6d4c545a23d54f12a67a70afe2e58267cdb416d05e
SHA512

35375d13ced1647b5610c04a7cde62f337f6cf552de0f98ff78f7b40bcfd2354e47e667c6d91b3911b5f81b94fcb8866a05a36f49f67bad2082e1ad73586b7d1
SSDEEP

3072:ML/rW9xMU6uQmdYqo+ruGiYDuyoPfaJdJXZRrWRxoRuQOdYqCKrgGieDoyoxj6FS:+WbLQmdlgGpeaXJLWvxQOdlyGDI6L

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  14dff9b05db1a48a4a138a6d4c545a23d54f12a67a70afe2e58267cdb416d05e
- Size
  
  200KB
- MD5
  
  14825d0b4628a8d8d7d3d863394a15c0
- SHA1
  
  18eecdcfc96961a41794bf684b87a5bddeda1083
- SHA256
  
  14dff9b05db1a48a4a138a6d4c545a23d54f12a67a70afe2e58267cdb416d05e
- SHA512
  
  35375d13ced1647b5610c04a7cde62f337f6cf552de0f98ff78f7b40bcfd2354e47e667c6d91b3911b5f81b94fcb8866a05a36f49f67bad2082e1ad73586b7d1
- SSDEEP
  
  3072:ML/rW9xMU6uQmdYqo+ruGiYDuyoPfaJdJXZRrWRxoRuQOdYqCKrgGieDoyoxj6FS:+WbLQmdlgGpeaXJLWvxQOdlyGDI6L
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence