8e8392c1ed2fd57aa7bd66abda66fc2d7894cda7ca56496cb54d46a36680e1c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e8392c1ed2fd57aa7bd66abda66fc2d7894cda7ca56496cb54d46a36680e1c8
Size

335KB
Sample

221125-v4qjkscf54
MD5

536751c64a35d5d25b0db328787c4bb7
SHA1

650cd3c2ec76bfd1bf359b88aff9209cf8c09869
SHA256

8e8392c1ed2fd57aa7bd66abda66fc2d7894cda7ca56496cb54d46a36680e1c8
SHA512

85dc36ba74edfdf7506fbe14157d373a1fc20cf573b4aad711e06ae47b8bef837a67fb140a4fb80beddb8b3e1d1248d08b38eeda20a444c032421f20906eff18
SSDEEP

1536:Ovj7HzDjYm/DRI5bNUyGRyw/B4iaEVqD1uaHbPt1T:Ovjn9/DRI5bNUyGYOB3VqDL7Pt1T

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8e8392c1ed2fd57aa7bd66abda66fc2d7894cda7ca56496cb54d46a36680e1c8
- Size
  
  335KB
- MD5
  
  536751c64a35d5d25b0db328787c4bb7
- SHA1
  
  650cd3c2ec76bfd1bf359b88aff9209cf8c09869
- SHA256
  
  8e8392c1ed2fd57aa7bd66abda66fc2d7894cda7ca56496cb54d46a36680e1c8
- SHA512
  
  85dc36ba74edfdf7506fbe14157d373a1fc20cf573b4aad711e06ae47b8bef837a67fb140a4fb80beddb8b3e1d1248d08b38eeda20a444c032421f20906eff18
- SSDEEP
  
  1536:Ovj7HzDjYm/DRI5bNUyGRyw/B4iaEVqD1uaHbPt1T:Ovjn9/DRI5bNUyGYOB3VqDL7Pt1T
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence