05b3f817f2aa08d41d3683d57a8ad3673e1fb8993e01e39d699cc1709d743c9e | Triage

Sharing

General

Target

05b3f817f2aa08d41d3683d57a8ad3673e1fb8993e01e39d699cc1709d743c9e
Size

43KB
Sample

221124-e1bm9agh78
MD5

bf92c1be85837e1cce8ff9920d5541bb
SHA1

a5858c6c9fbf5ccff1aa57bf5e1a44d9355d8c55
SHA256

05b3f817f2aa08d41d3683d57a8ad3673e1fb8993e01e39d699cc1709d743c9e
SHA512

ff279e9d7ab5b3312ab163f61710ff4cb94730526a2f460259b164c9a308db084f77510f8de3d052e42ccad07b2468acaa02a8070f08f0e8fae42bffd0aca428
SSDEEP

768:vC+Z8T8fX29dS4gaD0rK9JTv2E35p1h6HBjHvaqvtG1J97Ft1SCPNA90KHCCjPkQ:o/JaUEt9itrPqHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  05b3f817f2aa08d41d3683d57a8ad3673e1fb8993e01e39d699cc1709d743c9e
- Size
  
  43KB
- MD5
  
  bf92c1be85837e1cce8ff9920d5541bb
- SHA1
  
  a5858c6c9fbf5ccff1aa57bf5e1a44d9355d8c55
- SHA256
  
  05b3f817f2aa08d41d3683d57a8ad3673e1fb8993e01e39d699cc1709d743c9e
- SHA512
  
  ff279e9d7ab5b3312ab163f61710ff4cb94730526a2f460259b164c9a308db084f77510f8de3d052e42ccad07b2468acaa02a8070f08f0e8fae42bffd0aca428
- SSDEEP
  
  768:vC+Z8T8fX29dS4gaD0rK9JTv2E35p1h6HBjHvaqvtG1J97Ft1SCPNA90KHCCjPkQ:o/JaUEt9itrPqHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence