ac6c33f851a80389428edacefb0ed9d1ad5e008676ff3bf909e0f357fb247608 | Triage

Sharing

General

Target

ac6c33f851a80389428edacefb0ed9d1ad5e008676ff3bf909e0f357fb247608
Size

43KB
Sample

221125-zt2lbahf7z
MD5

d73660a8a86dd85ad70da0b475561a9c
SHA1

518fb94f6c87156f3e92ef2d48ceaf122cead363
SHA256

ac6c33f851a80389428edacefb0ed9d1ad5e008676ff3bf909e0f357fb247608
SHA512

02ff44136a34172882e24ed5e91026dda01335ff995c8f4d891c26fd3c41b1ca91878d1dc207bf7150127d0a6588c1cc6d931c59723955a7881c4cb1b1b6c5f5
SSDEEP

768:pO05/8+zaBGSkMWAbDrq9OT+2I45c1r6H8jHywqvtu1iR4r103aNzwrDHCCjPkak:XMmOnMKUgK9EaYHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ac6c33f851a80389428edacefb0ed9d1ad5e008676ff3bf909e0f357fb247608
- Size
  
  43KB
- MD5
  
  d73660a8a86dd85ad70da0b475561a9c
- SHA1
  
  518fb94f6c87156f3e92ef2d48ceaf122cead363
- SHA256
  
  ac6c33f851a80389428edacefb0ed9d1ad5e008676ff3bf909e0f357fb247608
- SHA512
  
  02ff44136a34172882e24ed5e91026dda01335ff995c8f4d891c26fd3c41b1ca91878d1dc207bf7150127d0a6588c1cc6d931c59723955a7881c4cb1b1b6c5f5
- SSDEEP
  
  768:pO05/8+zaBGSkMWAbDrq9OT+2I45c1r6H8jHywqvtu1iR4r103aNzwrDHCCjPkak:XMmOnMKUgK9EaYHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence