5535bc82df85839160f07deeaf831f2dde01d07971d043cc15d4c61970b58121 | Triage

Sharing

General

Target

5535bc82df85839160f07deeaf831f2dde01d07971d043cc15d4c61970b58121
Size

43KB
Sample

221123-xrsjhsag71
MD5

05644cb171e8bff76c6f1ce637258827
SHA1

f0b3e858cb2934e98bc613be3dbc88aa47eca2c5
SHA256

5535bc82df85839160f07deeaf831f2dde01d07971d043cc15d4c61970b58121
SHA512

f92d373b590e2ed847c6c43c423a9bd06848af6ec7dd8b177f113e0e54bc7f9e18790e57067eefc9a42437188c94f14b10b281198125ca41a429837fa0705adb
SSDEEP

768:WGjYUzZS+Xhx4bLaDyixkqy1h5d/sW/RKnY/iSw+neaNWqNXOZCss5KGrMYKvfPn:qgh+dq8Z3vu2xMYKnz4sB

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  5535bc82df85839160f07deeaf831f2dde01d07971d043cc15d4c61970b58121
- Size
  
  43KB
- MD5
  
  05644cb171e8bff76c6f1ce637258827
- SHA1
  
  f0b3e858cb2934e98bc613be3dbc88aa47eca2c5
- SHA256
  
  5535bc82df85839160f07deeaf831f2dde01d07971d043cc15d4c61970b58121
- SHA512
  
  f92d373b590e2ed847c6c43c423a9bd06848af6ec7dd8b177f113e0e54bc7f9e18790e57067eefc9a42437188c94f14b10b281198125ca41a429837fa0705adb
- SSDEEP
  
  768:WGjYUzZS+Xhx4bLaDyixkqy1h5d/sW/RKnY/iSw+neaNWqNXOZCss5KGrMYKvfPn:qgh+dq8Z3vu2xMYKnz4sB
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence