ed50663942b9e0863cf5c7b7b75cb93f818679405edafa52ff9b337c8100316b | Triage

Sharing

General

Target

ed50663942b9e0863cf5c7b7b75cb93f818679405edafa52ff9b337c8100316b
Size

43KB
Sample

221125-hl5jkacf41
MD5

be7bb1d1a95269a08657576693d4b5e0
SHA1

afa4e30391251d1b21290867ecccf0ddcca6bfd4
SHA256

ed50663942b9e0863cf5c7b7b75cb93f818679405edafa52ff9b337c8100316b
SHA512

ddad153d9f639bfaa4a8b24da39cd3e856994e95b460d1fa627876401df3378c816797b5c9db9e16c2e0fd8c5429d84a02d67316cbbfba602a2718280b09323d
SSDEEP

768:f1YMvYZcWAK5NaECHmIi5PtJh9Q12F24yt0:WMAP2TkPtr96t0

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ed50663942b9e0863cf5c7b7b75cb93f818679405edafa52ff9b337c8100316b
- Size
  
  43KB
- MD5
  
  be7bb1d1a95269a08657576693d4b5e0
- SHA1
  
  afa4e30391251d1b21290867ecccf0ddcca6bfd4
- SHA256
  
  ed50663942b9e0863cf5c7b7b75cb93f818679405edafa52ff9b337c8100316b
- SHA512
  
  ddad153d9f639bfaa4a8b24da39cd3e856994e95b460d1fa627876401df3378c816797b5c9db9e16c2e0fd8c5429d84a02d67316cbbfba602a2718280b09323d
- SSDEEP
  
  768:f1YMvYZcWAK5NaECHmIi5PtJh9Q12F24yt0:WMAP2TkPtr96t0
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence