6557a84c330d23063bb679aa3bed2a08cc92407649652ee1c08f2ac4a15df62b | Triage

Sharing

General

Target

6557a84c330d23063bb679aa3bed2a08cc92407649652ee1c08f2ac4a15df62b
Size

175KB
Sample

221125-kjzxeahe6v
MD5

fba3e964b429f06bea06e6d5e3ab8b08
SHA1

a13b91c0bc483458975a09330840521b269ffbbd
SHA256

6557a84c330d23063bb679aa3bed2a08cc92407649652ee1c08f2ac4a15df62b
SHA512

c63431e907814f89d3b6d86fb95e637fc7ee15d0b23f8df0947e9e2f7fd8c528ab63d5b1723289e38ff66d63c252027846a0b092f387819ac407b27aba3588c1
SSDEEP

3072:23+zM8o1HWCbZa2C2wFP3KvqKHueMysYmPes/93JDYxBFt3xRKUFgXV+OBUFt8+c:25WWtIP8xwDJY8KI

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  6557a84c330d23063bb679aa3bed2a08cc92407649652ee1c08f2ac4a15df62b
- Size
  
  175KB
- MD5
  
  fba3e964b429f06bea06e6d5e3ab8b08
- SHA1
  
  a13b91c0bc483458975a09330840521b269ffbbd
- SHA256
  
  6557a84c330d23063bb679aa3bed2a08cc92407649652ee1c08f2ac4a15df62b
- SHA512
  
  c63431e907814f89d3b6d86fb95e637fc7ee15d0b23f8df0947e9e2f7fd8c528ab63d5b1723289e38ff66d63c252027846a0b092f387819ac407b27aba3588c1
- SSDEEP
  
  3072:23+zM8o1HWCbZa2C2wFP3KvqKHueMysYmPes/93JDYxBFt3xRKUFgXV+OBUFt8+c:25WWtIP8xwDJY8KI
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence