9b8d087a8ac0e153b30b5a663dfa0f407c35e00c6187e8fde75d0a5fff3a5db3 | Triage

Sharing

General

Target

9b8d087a8ac0e153b30b5a663dfa0f407c35e00c6187e8fde75d0a5fff3a5db3
Size

126KB
Sample

221124-ez7pascb4s
MD5

32cc00407f86e313054cf5490e4dbe68
SHA1

d656d024fc92b02b53e4a96268c72acece0ae800
SHA256

9b8d087a8ac0e153b30b5a663dfa0f407c35e00c6187e8fde75d0a5fff3a5db3
SHA512

c3bf3ebfc823a2b193d2f9bf9e689de688b42effaf958ab56c9cca8c04e6bb32f46911225dc3482e04d05e755adaa188228a6039b011aee37fab9562be227cbf
SSDEEP

1536:tB1dlgRwgoY9ef3p81UFz2PEnm5YoNozN6yj344Z9tmKqI:X1dlKwgj23+Oz05YoNoz7D9TmKr

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  9b8d087a8ac0e153b30b5a663dfa0f407c35e00c6187e8fde75d0a5fff3a5db3
- Size
  
  126KB
- MD5
  
  32cc00407f86e313054cf5490e4dbe68
- SHA1
  
  d656d024fc92b02b53e4a96268c72acece0ae800
- SHA256
  
  9b8d087a8ac0e153b30b5a663dfa0f407c35e00c6187e8fde75d0a5fff3a5db3
- SHA512
  
  c3bf3ebfc823a2b193d2f9bf9e689de688b42effaf958ab56c9cca8c04e6bb32f46911225dc3482e04d05e755adaa188228a6039b011aee37fab9562be227cbf
- SSDEEP
  
  1536:tB1dlgRwgoY9ef3p81UFz2PEnm5YoNozN6yj344Z9tmKqI:X1dlKwgj23+Oz05YoNoz7D9TmKr
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence