2a7b556bf71db49e09a5653b46174e18cb852135a8b5e00afd1c68e6f01daa6e | Triage

Sharing

General

Target

2a7b556bf71db49e09a5653b46174e18cb852135a8b5e00afd1c68e6f01daa6e
Size

502KB
Sample

221124-n69xnsfd5s
MD5

35413d04f0e70135e7d6b8d48f7569d7
SHA1

067b82d245a02c84b7fe1ff87c46049371771510
SHA256

2a7b556bf71db49e09a5653b46174e18cb852135a8b5e00afd1c68e6f01daa6e
SHA512

47ac67c30192a87db1010b26fa4ca485f87026f9eae2cf231f34eb50a23991e8333a23617e4fc20a43c62f22ed96469b95fdfbfe7985191ec04062780dc598e5
SSDEEP

12288:fXDluOS3La33x7NFNrwTN34/OTHrMKyXQSm1U8RM:f3VzmI/OTLMVEu

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2a7b556bf71db49e09a5653b46174e18cb852135a8b5e00afd1c68e6f01daa6e
- Size
  
  502KB
- MD5
  
  35413d04f0e70135e7d6b8d48f7569d7
- SHA1
  
  067b82d245a02c84b7fe1ff87c46049371771510
- SHA256
  
  2a7b556bf71db49e09a5653b46174e18cb852135a8b5e00afd1c68e6f01daa6e
- SHA512
  
  47ac67c30192a87db1010b26fa4ca485f87026f9eae2cf231f34eb50a23991e8333a23617e4fc20a43c62f22ed96469b95fdfbfe7985191ec04062780dc598e5
- SSDEEP
  
  12288:fXDluOS3La33x7NFNrwTN34/OTHrMKyXQSm1U8RM:f3VzmI/OTLMVEu
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence