952e599d43ba35f654b27cc7579c4191f5710a4463838fcaea21eb8168b2dc15 | Triage

Sharing

General

Target

952e599d43ba35f654b27cc7579c4191f5710a4463838fcaea21eb8168b2dc15
Size

266KB
Sample

221124-f74haaca56
MD5

526335a29efba3b1cc944a9969141ebb
SHA1

55853abed798d6ce5541916aea8f4000cebfae46
SHA256

952e599d43ba35f654b27cc7579c4191f5710a4463838fcaea21eb8168b2dc15
SHA512

69c250d520b1f40d6de4b19497bc3958e41732a916572a957206cf47d56bce382dacc04cf3b0e57ceb76785915c934963a51ac9cb0d22ce32427dfa5ffbda737
SSDEEP

6144:0j2BNe5gzNBGekQD2neUa9THnEee903H+zo2L/9QZHfTWGJ1cD7VYrzNHlmzKrxr:jzNBGekQD2nejrzNHlcqarCf

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  952e599d43ba35f654b27cc7579c4191f5710a4463838fcaea21eb8168b2dc15
- Size
  
  266KB
- MD5
  
  526335a29efba3b1cc944a9969141ebb
- SHA1
  
  55853abed798d6ce5541916aea8f4000cebfae46
- SHA256
  
  952e599d43ba35f654b27cc7579c4191f5710a4463838fcaea21eb8168b2dc15
- SHA512
  
  69c250d520b1f40d6de4b19497bc3958e41732a916572a957206cf47d56bce382dacc04cf3b0e57ceb76785915c934963a51ac9cb0d22ce32427dfa5ffbda737
- SSDEEP
  
  6144:0j2BNe5gzNBGekQD2neUa9THnEee903H+zo2L/9QZHfTWGJ1cD7VYrzNHlmzKrxr:jzNBGekQD2nejrzNHlcqarCf
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence