53fa0c9a4bc06f7346de30375ce9090e60c100512c6907221252dafdb4ddc0e1 | Triage

Sharing

General

Target

53fa0c9a4bc06f7346de30375ce9090e60c100512c6907221252dafdb4ddc0e1
Size

138KB
Sample

221124-cpdmcsba59
MD5

ef098e97ba41bcbb3f6a44efeeb08c57
SHA1

3faac0c624b619836b5d7c2d6cf48b1d2a0633dc
SHA256

53fa0c9a4bc06f7346de30375ce9090e60c100512c6907221252dafdb4ddc0e1
SHA512

ee0f48263d7cfa610e493055df486011f6163f5f4fb5c0159b54d521e2ebe24666d06f041f4e6bf2a65caa86e5ed11acaa1763f42fdce3c7a710460b2bb675a7
SSDEEP

1536:nDMcXyi7XONl4Dygt2G5E+SSlRe0HWWOGOQ4K/DxP1dujMcDJPLoqaBqoEP0/2hN:DMcCi7vt2GDuFBTWg+G

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  53fa0c9a4bc06f7346de30375ce9090e60c100512c6907221252dafdb4ddc0e1
- Size
  
  138KB
- MD5
  
  ef098e97ba41bcbb3f6a44efeeb08c57
- SHA1
  
  3faac0c624b619836b5d7c2d6cf48b1d2a0633dc
- SHA256
  
  53fa0c9a4bc06f7346de30375ce9090e60c100512c6907221252dafdb4ddc0e1
- SHA512
  
  ee0f48263d7cfa610e493055df486011f6163f5f4fb5c0159b54d521e2ebe24666d06f041f4e6bf2a65caa86e5ed11acaa1763f42fdce3c7a710460b2bb675a7
- SSDEEP
  
  1536:nDMcXyi7XONl4Dygt2G5E+SSlRe0HWWOGOQ4K/DxP1dujMcDJPLoqaBqoEP0/2hN:DMcCi7vt2GDuFBTWg+G
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence