e523fd24974792691867d924fbf3f9d17a75d3e177841cf94717ed305c9ebe95 | Triage

Sharing

General

Target

e523fd24974792691867d924fbf3f9d17a75d3e177841cf94717ed305c9ebe95
Size

391KB
Sample

221124-fxe2yabd29
MD5

a568d5b4161f67ffcae2ae96194c2a9c
SHA1

190ad0601618f26ea2c170ab65ae92673b9bd1b1
SHA256

e523fd24974792691867d924fbf3f9d17a75d3e177841cf94717ed305c9ebe95
SHA512

2b4e6c745727bc405911d266ca8d02acb997e574c54fc145f04fa85bbed036ef58fc60726a388a02d0ad1576cdb5892c0920b2f06df485639c394bedec60b9d4
SSDEEP

3072:s6Hh0s5WFPnHdrk4mHkgFh782f/Bh6mUMDc0whM27TZob3ae6nailN:s5Hdo4d2NqfPysajQ7

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e523fd24974792691867d924fbf3f9d17a75d3e177841cf94717ed305c9ebe95
- Size
  
  391KB
- MD5
  
  a568d5b4161f67ffcae2ae96194c2a9c
- SHA1
  
  190ad0601618f26ea2c170ab65ae92673b9bd1b1
- SHA256
  
  e523fd24974792691867d924fbf3f9d17a75d3e177841cf94717ed305c9ebe95
- SHA512
  
  2b4e6c745727bc405911d266ca8d02acb997e574c54fc145f04fa85bbed036ef58fc60726a388a02d0ad1576cdb5892c0920b2f06df485639c394bedec60b9d4
- SSDEEP
  
  3072:s6Hh0s5WFPnHdrk4mHkgFh782f/Bh6mUMDc0whM27TZob3ae6nailN:s5Hdo4d2NqfPysajQ7
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence