ec40b55d4ebd0ba60f14c06e75e272448aaf4eb821f0c39c917177d1ca8231c9 | Triage

Sharing

General

Target

ec40b55d4ebd0ba60f14c06e75e272448aaf4eb821f0c39c917177d1ca8231c9
Size

90KB
Sample

221123-1qgmeaba31
MD5

42b85bf274ff08817f995c38c37b1ff0
SHA1

2e7cdeaf89f1276a928d732d7b7f93f1ba2f1746
SHA256

ec40b55d4ebd0ba60f14c06e75e272448aaf4eb821f0c39c917177d1ca8231c9
SHA512

cbb1f8e4ea85ec20173d65289af3df37af6c7dd1efd2fe7f15bf802bea89046f4231d057dd352c3a205657b48d85c61c3220cb4afe900bfaa2df307cd9677c1c
SSDEEP

1536:WwHTYXvGC2Ek61ZNe2cIBGh90nEmhOZOEpn1qtMyO8j2cK3As6T92HQEoub5IgQd:JTY/5k6fEnxSjRTiQEo45fQn4vK

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ec40b55d4ebd0ba60f14c06e75e272448aaf4eb821f0c39c917177d1ca8231c9
- Size
  
  90KB
- MD5
  
  42b85bf274ff08817f995c38c37b1ff0
- SHA1
  
  2e7cdeaf89f1276a928d732d7b7f93f1ba2f1746
- SHA256
  
  ec40b55d4ebd0ba60f14c06e75e272448aaf4eb821f0c39c917177d1ca8231c9
- SHA512
  
  cbb1f8e4ea85ec20173d65289af3df37af6c7dd1efd2fe7f15bf802bea89046f4231d057dd352c3a205657b48d85c61c3220cb4afe900bfaa2df307cd9677c1c
- SSDEEP
  
  1536:WwHTYXvGC2Ek61ZNe2cIBGh90nEmhOZOEpn1qtMyO8j2cK3As6T92HQEoub5IgQd:JTY/5k6fEnxSjRTiQEo45fQn4vK
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence