5b84b1dcca2ef947c8478823b6965866c924ef526e80ead3a86e7b4e287d3bc4 | Triage

Sharing

General

Target

5b84b1dcca2ef947c8478823b6965866c924ef526e80ead3a86e7b4e287d3bc4
Size

43KB
Sample

221125-zt9lxshf9t
MD5

f54916f0f72ddf4f947ea8393a6afbe4
SHA1

96da9c3e70b6a7a00bb503d51219f10d56506e18
SHA256

5b84b1dcca2ef947c8478823b6965866c924ef526e80ead3a86e7b4e287d3bc4
SHA512

af9f505bf8397f92e2f0445949bd2cb4df2d771104882b7741eda61cb626ed45f31020bb9ab70d9acae90ca8ab8406e20c793008c6cb741133db5df1d48039c6
SSDEEP

768:VSmAl78OvOVqSoIawDrq9mTt2az05s1H6HsjH60qvt21GFoL1gxv+N/sDzHCCjPf:2Vm4cek8itgl+YHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  5b84b1dcca2ef947c8478823b6965866c924ef526e80ead3a86e7b4e287d3bc4
- Size
  
  43KB
- MD5
  
  f54916f0f72ddf4f947ea8393a6afbe4
- SHA1
  
  96da9c3e70b6a7a00bb503d51219f10d56506e18
- SHA256
  
  5b84b1dcca2ef947c8478823b6965866c924ef526e80ead3a86e7b4e287d3bc4
- SHA512
  
  af9f505bf8397f92e2f0445949bd2cb4df2d771104882b7741eda61cb626ed45f31020bb9ab70d9acae90ca8ab8406e20c793008c6cb741133db5df1d48039c6
- SSDEEP
  
  768:VSmAl78OvOVqSoIawDrq9mTt2az05s1H6HsjH60qvt21GFoL1gxv+N/sDzHCCjPf:2Vm4cek8itgl+YHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence