df5b3d584402d88d19ff0dcd3ed1879c51d640bbf0eb6f38368322640ecfb452 | Triage

Sharing

General

Target

df5b3d584402d88d19ff0dcd3ed1879c51d640bbf0eb6f38368322640ecfb452
Size

717KB
Sample

221123-lmyn7afb8y
MD5

9fe8f0d5bd98fd5b7eaddece52c99972
SHA1

5134ea4a5494bed1184f34e7586f950e8c958855
SHA256

df5b3d584402d88d19ff0dcd3ed1879c51d640bbf0eb6f38368322640ecfb452
SHA512

33536e5bebfc5240031ac362e1a9ce47ade064c4d5057b156e805a8a1266586a37ea46e06929b0ea65837c3cce3af9d117f81693d9a8884aceea5cf55f55117e
SSDEEP

6144:BEhzURIw1IHVseT2hUFj8Xvqpj1i3KWF1iGqBhel3uq8CJVU7Q1pFknM+VWxASBb:fmHy+Fj8XvZZUazkM4WxAYIQG7IIA

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  df5b3d584402d88d19ff0dcd3ed1879c51d640bbf0eb6f38368322640ecfb452
- Size
  
  717KB
- MD5
  
  9fe8f0d5bd98fd5b7eaddece52c99972
- SHA1
  
  5134ea4a5494bed1184f34e7586f950e8c958855
- SHA256
  
  df5b3d584402d88d19ff0dcd3ed1879c51d640bbf0eb6f38368322640ecfb452
- SHA512
  
  33536e5bebfc5240031ac362e1a9ce47ade064c4d5057b156e805a8a1266586a37ea46e06929b0ea65837c3cce3af9d117f81693d9a8884aceea5cf55f55117e
- SSDEEP
  
  6144:BEhzURIw1IHVseT2hUFj8Xvqpj1i3KWF1iGqBhel3uq8CJVU7Q1pFknM+VWxASBb:fmHy+Fj8XvZZUazkM4WxAYIQG7IIA
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2