7cb34ed0ebbff5d6ad23f50a2f23489083818cde59989ba0b1bbe5bd0aa2a2cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7cb34ed0ebbff5d6ad23f50a2f23489083818cde59989ba0b1bbe5bd0aa2a2cf
Size

174KB
Sample

221124-e4ejbacd51
MD5

eaeaeeac47172f683195845c55132dbf
SHA1

2df0ef2ac0b081d9fc7f00a4ac83bf2de8595e50
SHA256

7cb34ed0ebbff5d6ad23f50a2f23489083818cde59989ba0b1bbe5bd0aa2a2cf
SHA512

b094fe439168006500b10ac6365f97b202c491cb03ab3fb423a5f39de363991d174227963dd6522a780c8cd6a25886f0816a5b2d3db092d2af079caf0c8d427b
SSDEEP

1536:ZRlatjXK1RYQlcD3pMqcMJuQWvkDu3qFIyVIxblXTKn1MYwoyzsoql9BTPL62eyU:ZojXKrYQl+pM3+iqA+1M27nP086

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  7cb34ed0ebbff5d6ad23f50a2f23489083818cde59989ba0b1bbe5bd0aa2a2cf
- Size
  
  174KB
- MD5
  
  eaeaeeac47172f683195845c55132dbf
- SHA1
  
  2df0ef2ac0b081d9fc7f00a4ac83bf2de8595e50
- SHA256
  
  7cb34ed0ebbff5d6ad23f50a2f23489083818cde59989ba0b1bbe5bd0aa2a2cf
- SHA512
  
  b094fe439168006500b10ac6365f97b202c491cb03ab3fb423a5f39de363991d174227963dd6522a780c8cd6a25886f0816a5b2d3db092d2af079caf0c8d427b
- SSDEEP
  
  1536:ZRlatjXK1RYQlcD3pMqcMJuQWvkDu3qFIyVIxblXTKn1MYwoyzsoql9BTPL62eyU:ZojXKrYQl+pM3+iqA+1M27nP086
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence