28892bf9445e91f79cfad6be98f805c82964a8badf820b8ee30421ff3ada09cd | Triage

Sharing

General

Target

28892bf9445e91f79cfad6be98f805c82964a8badf820b8ee30421ff3ada09cd
Size

328KB
Sample

221123-mm5yyahg4t
MD5

e787f5d14fefa05348c96a6536517c68
SHA1

51602a7d7addb0fcac9be4542870e036d7e1f9be
SHA256

28892bf9445e91f79cfad6be98f805c82964a8badf820b8ee30421ff3ada09cd
SHA512

9a26a838a8862a0ef9e1b3bf17def6baa3ec9aaf32b0cec14e410cb713d0dc2a95d47787019468619a5f02ccca51200b58667767b06d1abdcb4827422060cb2c
SSDEEP

6144:ksZR22GdyufgULOh3FSCj0u9cJmY7B1B4fW4QDBhu3AW:YRgdh3FSM0BmIB1BH

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  28892bf9445e91f79cfad6be98f805c82964a8badf820b8ee30421ff3ada09cd
- Size
  
  328KB
- MD5
  
  e787f5d14fefa05348c96a6536517c68
- SHA1
  
  51602a7d7addb0fcac9be4542870e036d7e1f9be
- SHA256
  
  28892bf9445e91f79cfad6be98f805c82964a8badf820b8ee30421ff3ada09cd
- SHA512
  
  9a26a838a8862a0ef9e1b3bf17def6baa3ec9aaf32b0cec14e410cb713d0dc2a95d47787019468619a5f02ccca51200b58667767b06d1abdcb4827422060cb2c
- SSDEEP
  
  6144:ksZR22GdyufgULOh3FSCj0u9cJmY7B1B4fW4QDBhu3AW:YRgdh3FSM0BmIB1BH
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence