002a6e6b9aa39fed9afd100bc430f1f1eea756cb3eefabcb678e85e31cf58c6b | Triage

Sharing

General

Target

002a6e6b9aa39fed9afd100bc430f1f1eea756cb3eefabcb678e85e31cf58c6b
Size

786KB
Sample

221124-cn8fcaba49
MD5

d6ea3809221c8012b485df702a6ce5a7
SHA1

b0aead39e6f72e76d8f3e30861e57c7c020f7c18
SHA256

002a6e6b9aa39fed9afd100bc430f1f1eea756cb3eefabcb678e85e31cf58c6b
SHA512

f35fd7727573d68391cc52c312a406ab5601d1346400bf78ba6f095cbd6d6780afeabcf23a4dbec3d149699794022b1d4a45134bc2afa9b479bd856decd54754
SSDEEP

24576:Wr+1wg/nxG1FaWcajTgAR3qHw4W5MyoFS:Wrg+MGXRaHG5XoFS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  002a6e6b9aa39fed9afd100bc430f1f1eea756cb3eefabcb678e85e31cf58c6b
- Size
  
  786KB
- MD5
  
  d6ea3809221c8012b485df702a6ce5a7
- SHA1
  
  b0aead39e6f72e76d8f3e30861e57c7c020f7c18
- SHA256
  
  002a6e6b9aa39fed9afd100bc430f1f1eea756cb3eefabcb678e85e31cf58c6b
- SHA512
  
  f35fd7727573d68391cc52c312a406ab5601d1346400bf78ba6f095cbd6d6780afeabcf23a4dbec3d149699794022b1d4a45134bc2afa9b479bd856decd54754
- SSDEEP
  
  24576:Wr+1wg/nxG1FaWcajTgAR3qHw4W5MyoFS:Wrg+MGXRaHG5XoFS
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence