60e158515551871dcb904f9c14558b02e14683138e8d6c1bc4a19e4934744931 | Triage

Sharing

General

Target

60e158515551871dcb904f9c14558b02e14683138e8d6c1bc4a19e4934744931
Size

152KB
Sample

221124-pdmr4sfg91
MD5

dee407f12217a5525a38466c7f979f1f
SHA1

5fe47d2631b5ab39b9826f8978188714eb781916
SHA256

60e158515551871dcb904f9c14558b02e14683138e8d6c1bc4a19e4934744931
SHA512

6d61951a0ff461c7235826a242f9431fde1e0a7f13c410d3f0587703c9bcc3738dd4c8d00cfa674c53f0b49c09fdca6ce36ef6d91308451eaf6dc769e7190ecd
SSDEEP

3072:iye5CwoH3zPboAmqppwwQC8C4a3lvjzezuaG+hXlg/TTlJ:ROoDboAHcwzOmtqB1ATB

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  60e158515551871dcb904f9c14558b02e14683138e8d6c1bc4a19e4934744931
- Size
  
  152KB
- MD5
  
  dee407f12217a5525a38466c7f979f1f
- SHA1
  
  5fe47d2631b5ab39b9826f8978188714eb781916
- SHA256
  
  60e158515551871dcb904f9c14558b02e14683138e8d6c1bc4a19e4934744931
- SHA512
  
  6d61951a0ff461c7235826a242f9431fde1e0a7f13c410d3f0587703c9bcc3738dd4c8d00cfa674c53f0b49c09fdca6ce36ef6d91308451eaf6dc769e7190ecd
- SSDEEP
  
  3072:iye5CwoH3zPboAmqppwwQC8C4a3lvjzezuaG+hXlg/TTlJ:ROoDboAHcwzOmtqB1ATB
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence