8f8bc0423d787177c6c3b140c5a842b98bb3d2d7411676714fe70b9fc894b481 | Triage

Sharing

General

Target

8f8bc0423d787177c6c3b140c5a842b98bb3d2d7411676714fe70b9fc894b481
Size

155KB
Sample

221123-lkcc6sfa6v
MD5

f208016713c4e15762d8b2787f141ae1
SHA1

5255bde8e5d4f81f6a0c0628a8b65d07cc208090
SHA256

8f8bc0423d787177c6c3b140c5a842b98bb3d2d7411676714fe70b9fc894b481
SHA512

cc6c5247465451fdffbbb3353543b6154a65cedbeabc6e01df6d84bb5d111c932380e533f09ef34f809efb39dca94a625cb73c403e25519f5fbcb541565048f5
SSDEEP

3072:OHlM7TYmySIQIvux25GWp1icKAArDZz4N9GhbkrNEk140g:Oz7Rp0yN90QEj

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  8f8bc0423d787177c6c3b140c5a842b98bb3d2d7411676714fe70b9fc894b481
- Size
  
  155KB
- MD5
  
  f208016713c4e15762d8b2787f141ae1
- SHA1
  
  5255bde8e5d4f81f6a0c0628a8b65d07cc208090
- SHA256
  
  8f8bc0423d787177c6c3b140c5a842b98bb3d2d7411676714fe70b9fc894b481
- SHA512
  
  cc6c5247465451fdffbbb3353543b6154a65cedbeabc6e01df6d84bb5d111c932380e533f09ef34f809efb39dca94a625cb73c403e25519f5fbcb541565048f5
- SSDEEP
  
  3072:OHlM7TYmySIQIvux25GWp1icKAArDZz4N9GhbkrNEk140g:Oz7Rp0yN90QEj
Score

8^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2