8fe298ced61542daafc4b97db08c385d49bf4ead7e342775f5e7e59c75beb772 | Triage

Sharing

General

Target

8fe298ced61542daafc4b97db08c385d49bf4ead7e342775f5e7e59c75beb772
Size

204KB
Sample

221124-ez8xcscb4v
MD5

b704a8917354ea328439ab277695c988
SHA1

363b180aa6848b1769ee9727d0a567a4204d0dd8
SHA256

8fe298ced61542daafc4b97db08c385d49bf4ead7e342775f5e7e59c75beb772
SHA512

cc805e50fd2ebdb563f3d75897798062e6733ad62ce23ce21f966595cc4b64bfcbcf192939c2794f6d308c02e8f8bacdc375e0dea4a17fd176b6f49128b7d5af
SSDEEP

6144:4XHdo4n52x9lLdVa28IgSQ51VRx4hvd/:4X43VaR/nx2N

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8fe298ced61542daafc4b97db08c385d49bf4ead7e342775f5e7e59c75beb772
- Size
  
  204KB
- MD5
  
  b704a8917354ea328439ab277695c988
- SHA1
  
  363b180aa6848b1769ee9727d0a567a4204d0dd8
- SHA256
  
  8fe298ced61542daafc4b97db08c385d49bf4ead7e342775f5e7e59c75beb772
- SHA512
  
  cc805e50fd2ebdb563f3d75897798062e6733ad62ce23ce21f966595cc4b64bfcbcf192939c2794f6d308c02e8f8bacdc375e0dea4a17fd176b6f49128b7d5af
- SSDEEP
  
  6144:4XHdo4n52x9lLdVa28IgSQ51VRx4hvd/:4X43VaR/nx2N
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence