9a19576fdbcf83b9b0f14c4b2b4d92f1439837c02d3d2d623f567de4252a2013 | Triage

Sharing

General

Target

9a19576fdbcf83b9b0f14c4b2b4d92f1439837c02d3d2d623f567de4252a2013
Size

42KB
Sample

221121-3kbv3sbf25
MD5

87350e3f6f3a332eff96d103b5cf0435
SHA1

d6bce558d577efc34b6eca9de248987dcb907867
SHA256

9a19576fdbcf83b9b0f14c4b2b4d92f1439837c02d3d2d623f567de4252a2013
SHA512

829ce60d711b6dbc9171ea72f6de411c5db06fd9841f5404425f83e5b180372a9d02d98a39966c9b752873e08a09680b558d56b7d2b15fbb35fc54756c8e252a
SSDEEP

768:ypBpcpHpTczXmlfJ2K7kKVDw9mN6MCGONDpWaIjf3Wv2qOV/xESKXxHCx7qq+2hD:ypBpcpHpgD0oK7kKVc9+CG15r3WvROlV

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  9a19576fdbcf83b9b0f14c4b2b4d92f1439837c02d3d2d623f567de4252a2013
- Size
  
  42KB
- MD5
  
  87350e3f6f3a332eff96d103b5cf0435
- SHA1
  
  d6bce558d577efc34b6eca9de248987dcb907867
- SHA256
  
  9a19576fdbcf83b9b0f14c4b2b4d92f1439837c02d3d2d623f567de4252a2013
- SHA512
  
  829ce60d711b6dbc9171ea72f6de411c5db06fd9841f5404425f83e5b180372a9d02d98a39966c9b752873e08a09680b558d56b7d2b15fbb35fc54756c8e252a
- SSDEEP
  
  768:ypBpcpHpTczXmlfJ2K7kKVDw9mN6MCGONDpWaIjf3Wv2qOV/xESKXxHCx7qq+2hD:ypBpcpHpgD0oK7kKVc9+CG15r3WvROlV
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence