8e10b2dae6210565323090ff5780d7daa31da0a27336b2ebdaf8871057dfd8ea | Triage

Sharing

General

Target

8e10b2dae6210565323090ff5780d7daa31da0a27336b2ebdaf8871057dfd8ea
Size

339KB
Sample

221126-3cfjasga2v
MD5

b7ed79baa3588b376737279e74a907d6
SHA1

d6bbb6e08f58cd534f0237bd248ad0df3b76bf7a
SHA256

8e10b2dae6210565323090ff5780d7daa31da0a27336b2ebdaf8871057dfd8ea
SHA512

6c5e9dd57ad7b311910e0c882b163f7acd169c7112674d2ffa14f4f9eb32a675e06b7b823588bf1dfaa10c532672e510d6b1ad0f2f77c6378ae8090b621b9921
SSDEEP

3072:0caUw2aT5H9rxZndLRf1jJXfMGXqaQaqP7NXJj1eQac2ZzFvhbJLwsOj4PPsJWi3:DG1M6TVx

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8e10b2dae6210565323090ff5780d7daa31da0a27336b2ebdaf8871057dfd8ea
- Size
  
  339KB
- MD5
  
  b7ed79baa3588b376737279e74a907d6
- SHA1
  
  d6bbb6e08f58cd534f0237bd248ad0df3b76bf7a
- SHA256
  
  8e10b2dae6210565323090ff5780d7daa31da0a27336b2ebdaf8871057dfd8ea
- SHA512
  
  6c5e9dd57ad7b311910e0c882b163f7acd169c7112674d2ffa14f4f9eb32a675e06b7b823588bf1dfaa10c532672e510d6b1ad0f2f77c6378ae8090b621b9921
- SSDEEP
  
  3072:0caUw2aT5H9rxZndLRf1jJXfMGXqaQaqP7NXJj1eQac2ZzFvhbJLwsOj4PPsJWi3:DG1M6TVx
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence