c4a0d874ecbaf3865c3907f3fbd89014b5953cb9d5c8ca69a72c1a83e2143e96 | Triage

Sharing

General

Target

c4a0d874ecbaf3865c3907f3fbd89014b5953cb9d5c8ca69a72c1a83e2143e96
Size

207KB
Sample

221124-yaw12sec65
MD5

1dd570fecefd5c56cb21ed7ee72c8b41
SHA1

0fb3a84783f1342cc68afa053961f16d1280ea6e
SHA256

c4a0d874ecbaf3865c3907f3fbd89014b5953cb9d5c8ca69a72c1a83e2143e96
SHA512

ff9ebebb8bb2e8ee414477dff5a95542dc5d8ba25c63c1c2c45adac6ecfd9bfbe08e8bf32c564fa30601a2e4ae02f6f017ae0491383740a11d778e4d3e2a3589
SSDEEP

3072:m9Va9YHpRXusg+nNAxL70OUizr1QtrXvtQo+r+D2fL5rC63Q77NOmYZAWkdJqxLu:Hf9dQ7JQ3kdM/9ikg/8KJnz8

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  c4a0d874ecbaf3865c3907f3fbd89014b5953cb9d5c8ca69a72c1a83e2143e96
- Size
  
  207KB
- MD5
  
  1dd570fecefd5c56cb21ed7ee72c8b41
- SHA1
  
  0fb3a84783f1342cc68afa053961f16d1280ea6e
- SHA256
  
  c4a0d874ecbaf3865c3907f3fbd89014b5953cb9d5c8ca69a72c1a83e2143e96
- SHA512
  
  ff9ebebb8bb2e8ee414477dff5a95542dc5d8ba25c63c1c2c45adac6ecfd9bfbe08e8bf32c564fa30601a2e4ae02f6f017ae0491383740a11d778e4d3e2a3589
- SSDEEP
  
  3072:m9Va9YHpRXusg+nNAxL70OUizr1QtrXvtQo+r+D2fL5rC63Q77NOmYZAWkdJqxLu:Hf9dQ7JQ3kdM/9ikg/8KJnz8
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence