aab425b436d767f461813fcd177d3522a01a473f36d8cf312d08522b94faede4 | Triage

Sharing

General

Target

aab425b436d767f461813fcd177d3522a01a473f36d8cf312d08522b94faede4
Size

43KB
Sample

221123-qpkbsshe3x
MD5

98be617cf450564d8a95a49d1bbb12a6
SHA1

2cd77cc27a1d4e348bd9ec578b2ce5b7aa183bb4
SHA256

aab425b436d767f461813fcd177d3522a01a473f36d8cf312d08522b94faede4
SHA512

06855b2638e29363845726b9a59ab7b16f29c39d94f0f7cc85fdbc08d8786fcab1d398c65b6fc53060480a3472341a90353ecaef74c45b92412cea5d2d16df97
SSDEEP

768:IhAUGRem2NfLdLBgQEyN66NXME6F1PGsO8Koj9w9W4Uj9YkEfyHRrlA:DxRem2ldLBgQEyN6SkPJOtszhYkEfK

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  aab425b436d767f461813fcd177d3522a01a473f36d8cf312d08522b94faede4
- Size
  
  43KB
- MD5
  
  98be617cf450564d8a95a49d1bbb12a6
- SHA1
  
  2cd77cc27a1d4e348bd9ec578b2ce5b7aa183bb4
- SHA256
  
  aab425b436d767f461813fcd177d3522a01a473f36d8cf312d08522b94faede4
- SHA512
  
  06855b2638e29363845726b9a59ab7b16f29c39d94f0f7cc85fdbc08d8786fcab1d398c65b6fc53060480a3472341a90353ecaef74c45b92412cea5d2d16df97
- SSDEEP
  
  768:IhAUGRem2NfLdLBgQEyN66NXME6F1PGsO8Koj9w9W4Uj9YkEfyHRrlA:DxRem2ldLBgQEyN6SkPJOtszhYkEfK
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence