1d85994068cff4a819940d961db45662ea36ab79001056e2a914744e5ee12944 | Triage

Sharing

General

Target

1d85994068cff4a819940d961db45662ea36ab79001056e2a914744e5ee12944
Size

28KB
Sample

221124-cpgzsaba69
MD5

d364056e7622a29939064a6148f88c91
SHA1

7940e608a27fc84eebcf062f6c95158eafd046cf
SHA256

1d85994068cff4a819940d961db45662ea36ab79001056e2a914744e5ee12944
SHA512

15de191b213c9d7af9aae0285046e498f39e3fa96047a9272ba49e60f6668ae3411c8c608773eb9251b9922d21ec30138a324baf60dd37aae4fea0305c75e580
SSDEEP

768:Hy5Fa9alWS1gCC/so/b5LW5UNOIMLxGdB3JVMV5mRWOQEi9oKoQ4qs:H+U04Yg39Lyf4n8VqtQEbKoR

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  freeinternet.exe
- Size
  
  138KB
- MD5
  
  ef098e97ba41bcbb3f6a44efeeb08c57
- SHA1
  
  3faac0c624b619836b5d7c2d6cf48b1d2a0633dc
- SHA256
  
  53fa0c9a4bc06f7346de30375ce9090e60c100512c6907221252dafdb4ddc0e1
- SHA512
  
  ee0f48263d7cfa610e493055df486011f6163f5f4fb5c0159b54d521e2ebe24666d06f041f4e6bf2a65caa86e5ed11acaa1763f42fdce3c7a710460b2bb675a7
- SSDEEP
  
  1536:nDMcXyi7XONl4Dygt2G5E+SSlRe0HWWOGOQ4K/DxP1dujMcDJPLoqaBqoEP0/2hN:DMcCi7vt2GDuFBTWg+G
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence