10da1c8c38922022f220f3fcca716fd792e2f7eb65e500d44630c8a56d4a992d | Triage

Sharing

General

Target

10da1c8c38922022f220f3fcca716fd792e2f7eb65e500d44630c8a56d4a992d
Size

43KB
Sample

221124-e1ae7acb4y
MD5

2d3bc85c00b6d727f75856f573232414
SHA1

1aebb6ee6e07b011e540560070ae70df444a9547
SHA256

10da1c8c38922022f220f3fcca716fd792e2f7eb65e500d44630c8a56d4a992d
SHA512

64ccdeefa458c85605ef6c6620cd8ca3b5dd8bf435f943b1602421396d603ebaeaec549083f26a298ef7c632bc2f3971128eb29b5a9cc6e163a967008c24e32f
SSDEEP

768:QsTzJ8ytcXzS6ig/ir+9WTW2il581g6H7jHv2dqvtq14IsL1uHCRUNWqgQHCCjP/:NeWfZVXFWEYCRU3HCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  10da1c8c38922022f220f3fcca716fd792e2f7eb65e500d44630c8a56d4a992d
- Size
  
  43KB
- MD5
  
  2d3bc85c00b6d727f75856f573232414
- SHA1
  
  1aebb6ee6e07b011e540560070ae70df444a9547
- SHA256
  
  10da1c8c38922022f220f3fcca716fd792e2f7eb65e500d44630c8a56d4a992d
- SHA512
  
  64ccdeefa458c85605ef6c6620cd8ca3b5dd8bf435f943b1602421396d603ebaeaec549083f26a298ef7c632bc2f3971128eb29b5a9cc6e163a967008c24e32f
- SSDEEP
  
  768:QsTzJ8ytcXzS6ig/ir+9WTW2il581g6H7jHv2dqvtq14IsL1uHCRUNWqgQHCCjP/:NeWfZVXFWEYCRU3HCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence