5a189d57775d13eaa7e2cf5c461dffa4ac61baca5abc3a3835cef2a1c0aac91c | Triage

Sharing

General

Target

5a189d57775d13eaa7e2cf5c461dffa4ac61baca5abc3a3835cef2a1c0aac91c
Size

168KB
Sample

221123-vnj2vscd8t
MD5

b06d8708ce180fd6963d94f530303058
SHA1

f60c0c2a9ff177dd606aa96175fa96b17714c238
SHA256

5a189d57775d13eaa7e2cf5c461dffa4ac61baca5abc3a3835cef2a1c0aac91c
SHA512

5b9e601b074be5718458a7ede9394ec82bbb972cd0da63dc643a05b96ced93e0cd682237fb72f91d7a14890d856e788ce07c271636a1db9a672a1e7036660cae
SSDEEP

1536:TCl8jequo9Qtr/OLMf1Y8hitviXrSkuDM5QSOK:TPjw1/OLiYZoSk+Md

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  5a189d57775d13eaa7e2cf5c461dffa4ac61baca5abc3a3835cef2a1c0aac91c
- Size
  
  168KB
- MD5
  
  b06d8708ce180fd6963d94f530303058
- SHA1
  
  f60c0c2a9ff177dd606aa96175fa96b17714c238
- SHA256
  
  5a189d57775d13eaa7e2cf5c461dffa4ac61baca5abc3a3835cef2a1c0aac91c
- SHA512
  
  5b9e601b074be5718458a7ede9394ec82bbb972cd0da63dc643a05b96ced93e0cd682237fb72f91d7a14890d856e788ce07c271636a1db9a672a1e7036660cae
- SSDEEP
  
  1536:TCl8jequo9Qtr/OLMf1Y8hitviXrSkuDM5QSOK:TPjw1/OLiYZoSk+Md
Score

8^/10

evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2