b740aeb2a5bc8740c4ed8b51f776e45a34ef43d33c7b06c6131e8e4b671571ea | Triage

Sharing

General

Target

b740aeb2a5bc8740c4ed8b51f776e45a34ef43d33c7b06c6131e8e4b671571ea
Size

50KB
Sample

221124-ez63rscb31
MD5

5a15e18050df38d7e10d08c4329b8752
SHA1

b83f5a85517f146e4fa7d7ef569ac4ef048af1e1
SHA256

b740aeb2a5bc8740c4ed8b51f776e45a34ef43d33c7b06c6131e8e4b671571ea
SHA512

144e4aa3de3e4c1c29dfa61b5bbc12270b261465e6d69d885b0d118c19ca0e4f81696240cdc6a7a2d7e250154f52a2f84f4477c3149b1bf4c6d13e1274193003
SSDEEP

768:PDOCtz8u3WN1SgACDUrK9mT62kX5M1y6HZjHe6qvtG1ddFct1gCSNM0jcHCCjPky:rOmrt71Gi/wdSGHCCrkw

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b740aeb2a5bc8740c4ed8b51f776e45a34ef43d33c7b06c6131e8e4b671571ea
- Size
  
  50KB
- MD5
  
  5a15e18050df38d7e10d08c4329b8752
- SHA1
  
  b83f5a85517f146e4fa7d7ef569ac4ef048af1e1
- SHA256
  
  b740aeb2a5bc8740c4ed8b51f776e45a34ef43d33c7b06c6131e8e4b671571ea
- SHA512
  
  144e4aa3de3e4c1c29dfa61b5bbc12270b261465e6d69d885b0d118c19ca0e4f81696240cdc6a7a2d7e250154f52a2f84f4477c3149b1bf4c6d13e1274193003
- SSDEEP
  
  768:PDOCtz8u3WN1SgACDUrK9mT62kX5M1y6HZjHe6qvtG1ddFct1gCSNM0jcHCCjPky:rOmrt71Gi/wdSGHCCrkw
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence