49b9168b3bfe6ab44fd50fc7cb4c5ec648fe3afbb28f699f39cf7c9f3bd2930c | Triage

Sharing

General

Target

49b9168b3bfe6ab44fd50fc7cb4c5ec648fe3afbb28f699f39cf7c9f3bd2930c
Size

141KB
Sample

221124-l9p1kaah4t
MD5

bdca0ca22c828b88803f0a64f412cd2b
SHA1

f54f9af07440b20992d55464bedc9e0f069237f3
SHA256

49b9168b3bfe6ab44fd50fc7cb4c5ec648fe3afbb28f699f39cf7c9f3bd2930c
SHA512

330739da09f4a17506b6b45ab01df18402d46410274d56bc31354c73c28c178a6154d6c8b169311eb9347ddebc766a91e7f31ac8d82465a69ba4672d5e383ced
SSDEEP

3072:V2x3wPT2EowHyrhjMyh4+obglxE9p/h5RMP44:4sowHyr+w3+Mw

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  49b9168b3bfe6ab44fd50fc7cb4c5ec648fe3afbb28f699f39cf7c9f3bd2930c
- Size
  
  141KB
- MD5
  
  bdca0ca22c828b88803f0a64f412cd2b
- SHA1
  
  f54f9af07440b20992d55464bedc9e0f069237f3
- SHA256
  
  49b9168b3bfe6ab44fd50fc7cb4c5ec648fe3afbb28f699f39cf7c9f3bd2930c
- SHA512
  
  330739da09f4a17506b6b45ab01df18402d46410274d56bc31354c73c28c178a6154d6c8b169311eb9347ddebc766a91e7f31ac8d82465a69ba4672d5e383ced
- SSDEEP
  
  3072:V2x3wPT2EowHyrhjMyh4+obglxE9p/h5RMP44:4sowHyr+w3+Mw
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence