0acc20365b1d66008cd1ea125c681d0d7d7cd3714dc7fc22b260a8c74ffb6538 | Triage

Sharing

General

Target

0acc20365b1d66008cd1ea125c681d0d7d7cd3714dc7fc22b260a8c74ffb6538
Size

1.1MB
Sample

221125-fs6zvsda54
MD5

d631ca3c1d6970635ecee6f6ccf087fa
SHA1

db6cc11cea99f16e79b5c2944928d882316a37a6
SHA256

0acc20365b1d66008cd1ea125c681d0d7d7cd3714dc7fc22b260a8c74ffb6538
SHA512

798f599ff0a13dc681aaa490e0f1337c463176b8ef34cf5dc8d74fb54fab185087e53fd825c57a20d9c823a889d260e727709c2e88c581573dd724000bcf140b
SSDEEP

24576:29tcBbHxQawkkAv/DEW7Mu0ikNyc+ccSO+Q5en0Ff54K+eJaw:ocBbRQaw/Av/oW7DL8kccMQ5en0FB44J

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0acc20365b1d66008cd1ea125c681d0d7d7cd3714dc7fc22b260a8c74ffb6538
- Size
  
  1.1MB
- MD5
  
  d631ca3c1d6970635ecee6f6ccf087fa
- SHA1
  
  db6cc11cea99f16e79b5c2944928d882316a37a6
- SHA256
  
  0acc20365b1d66008cd1ea125c681d0d7d7cd3714dc7fc22b260a8c74ffb6538
- SHA512
  
  798f599ff0a13dc681aaa490e0f1337c463176b8ef34cf5dc8d74fb54fab185087e53fd825c57a20d9c823a889d260e727709c2e88c581573dd724000bcf140b
- SSDEEP
  
  24576:29tcBbHxQawkkAv/DEW7Mu0ikNyc+ccSO+Q5en0Ff54K+eJaw:ocBbRQaw/Av/oW7DL8kccMQ5en0FB44J
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence