efcb1a1d587c800d840f46183965c56c2ed68a7ee3db74b08bec0f56b4d5a385 | Triage

Sharing

General

Target

efcb1a1d587c800d840f46183965c56c2ed68a7ee3db74b08bec0f56b4d5a385
Size

37KB
Sample

221123-l2d84agb9w
MD5

0838eeadde00e52893d0495e2aee4237
SHA1

025f0560461c8712434c388a4b4a9d0480f1ae81
SHA256

efcb1a1d587c800d840f46183965c56c2ed68a7ee3db74b08bec0f56b4d5a385
SHA512

a733119a9af08daaf5ff77b7410430f9b88f5f5425e77417aeecac0302ed0168e21b82df661f22eb81a7f5bfc66259589e2ace18f98c2bc1e05e60160203bcd2
SSDEEP

768:gYX9JxV7uMBw43PkR4w2B834D4eQy1bXlJTS:rX9JHDNbBm4DlRTS

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  efcb1a1d587c800d840f46183965c56c2ed68a7ee3db74b08bec0f56b4d5a385
- Size
  
  37KB
- MD5
  
  0838eeadde00e52893d0495e2aee4237
- SHA1
  
  025f0560461c8712434c388a4b4a9d0480f1ae81
- SHA256
  
  efcb1a1d587c800d840f46183965c56c2ed68a7ee3db74b08bec0f56b4d5a385
- SHA512
  
  a733119a9af08daaf5ff77b7410430f9b88f5f5425e77417aeecac0302ed0168e21b82df661f22eb81a7f5bfc66259589e2ace18f98c2bc1e05e60160203bcd2
- SSDEEP
  
  768:gYX9JxV7uMBw43PkR4w2B834D4eQy1bXlJTS:rX9JHDNbBm4DlRTS
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence