1a296abe006e502766ce30ed01620087bdfc69db4a8d3574ddd851a128f85510 | Triage

Sharing

General

Target

1a296abe006e502766ce30ed01620087bdfc69db4a8d3574ddd851a128f85510
Size

79KB
Sample

221125-ez3eksee6s
MD5

cda0c33697c8b3affc278a4a5d437933
SHA1

4c50d2047ff9625f4ef39329336f8794bcf2be70
SHA256

1a296abe006e502766ce30ed01620087bdfc69db4a8d3574ddd851a128f85510
SHA512

83bf23b5e2fffadc2aae29bce4ffbf5719618d72c68fd8b8c37bf51fbcf293878894dfb9eb369e474768e171c72f248c1c98ee095b5e33fdab17615a9937b7eb
SSDEEP

1536:HEZ1KuodTWDaGUYPLjTewFCBt678sp1NK9e:SoBWDHUYqwFCBg7dp1Nl

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  1a296abe006e502766ce30ed01620087bdfc69db4a8d3574ddd851a128f85510
- Size
  
  79KB
- MD5
  
  cda0c33697c8b3affc278a4a5d437933
- SHA1
  
  4c50d2047ff9625f4ef39329336f8794bcf2be70
- SHA256
  
  1a296abe006e502766ce30ed01620087bdfc69db4a8d3574ddd851a128f85510
- SHA512
  
  83bf23b5e2fffadc2aae29bce4ffbf5719618d72c68fd8b8c37bf51fbcf293878894dfb9eb369e474768e171c72f248c1c98ee095b5e33fdab17615a9937b7eb
- SSDEEP
  
  1536:HEZ1KuodTWDaGUYPLjTewFCBt678sp1NK9e:SoBWDHUYqwFCBg7dp1Nl
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2