5f2c5df7f8cc61654ee48aede247285574428a75359c8b8b2530273e015bb4ed | Triage

Sharing

General

Target

5f2c5df7f8cc61654ee48aede247285574428a75359c8b8b2530273e015bb4ed
Size

44KB
Sample

221125-j7vf6adc98
MD5

00ffe44ac5bb8b97dead8d1688fffa39
SHA1

c44a2bcce33ac0b2ed77807fc3ae8717d77e2de4
SHA256

5f2c5df7f8cc61654ee48aede247285574428a75359c8b8b2530273e015bb4ed
SHA512

190bd6eaf029e383399e935f76a5c501ee290b64b0722485d998eb571976144df3b639f024c9926988e74f9a8c97c568a7a760c36736b733491ded043c0e5cd7
SSDEEP

768:ZqK10kfv4JuCXgZSHyS3w0fCt1KjpoiMYkaqj1:rTz4CtQjuSkL

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  5f2c5df7f8cc61654ee48aede247285574428a75359c8b8b2530273e015bb4ed
- Size
  
  44KB
- MD5
  
  00ffe44ac5bb8b97dead8d1688fffa39
- SHA1
  
  c44a2bcce33ac0b2ed77807fc3ae8717d77e2de4
- SHA256
  
  5f2c5df7f8cc61654ee48aede247285574428a75359c8b8b2530273e015bb4ed
- SHA512
  
  190bd6eaf029e383399e935f76a5c501ee290b64b0722485d998eb571976144df3b639f024c9926988e74f9a8c97c568a7a760c36736b733491ded043c0e5cd7
- SSDEEP
  
  768:ZqK10kfv4JuCXgZSHyS3w0fCt1KjpoiMYkaqj1:rTz4CtQjuSkL
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence