a35e2948aa479bcfe9352531e4f161728214ff231d4e93ddcdd4224beb2f02b5 | Triage

Sharing

General

Target

a35e2948aa479bcfe9352531e4f161728214ff231d4e93ddcdd4224beb2f02b5
Size

183KB
Sample

221123-ln791sfc7v
MD5

23127700d29f175b1cfc95aee76744b7
SHA1

b7720f74b3e6c5e8de8104a10d84db7b27f395ef
SHA256

a35e2948aa479bcfe9352531e4f161728214ff231d4e93ddcdd4224beb2f02b5
SHA512

eb1e7b8ca724c4b7f72093a380086c880f159ca7047a179e20b3eb869cd6c126611c50616ea91830a30c2fba38abad51a21a4de1180bdc579830e5ea32bb2de6
SSDEEP

3072:BPprdo/5Plc91XQzaH6FZ2YRjKjujvTfvIax7qbbf4sznHL:ZAP+1AeQnRj6uHf2b8sz

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  a35e2948aa479bcfe9352531e4f161728214ff231d4e93ddcdd4224beb2f02b5
- Size
  
  183KB
- MD5
  
  23127700d29f175b1cfc95aee76744b7
- SHA1
  
  b7720f74b3e6c5e8de8104a10d84db7b27f395ef
- SHA256
  
  a35e2948aa479bcfe9352531e4f161728214ff231d4e93ddcdd4224beb2f02b5
- SHA512
  
  eb1e7b8ca724c4b7f72093a380086c880f159ca7047a179e20b3eb869cd6c126611c50616ea91830a30c2fba38abad51a21a4de1180bdc579830e5ea32bb2de6
- SSDEEP
  
  3072:BPprdo/5Plc91XQzaH6FZ2YRjKjujvTfvIax7qbbf4sznHL:ZAP+1AeQnRj6uHf2b8sz
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2