5f21eb1a00c84324df35e224345398d09493f91f7ef21debf89df505b9df8794 | Triage

Sharing

General

Target

5f21eb1a00c84324df35e224345398d09493f91f7ef21debf89df505b9df8794
Size

255KB
Sample

221126-b86a2sda89
MD5

e0ce4a5db56783fbe228a015266188e8
SHA1

fe61b290f59412589ac8b439b40b60a8d3b8bb0a
SHA256

5f21eb1a00c84324df35e224345398d09493f91f7ef21debf89df505b9df8794
SHA512

6160f1508613efa5c22ec10f4365eca586ea8721af3aadaa68a86a8d71622add5ad6120b7cda96506c0bab17595b4fc015dfd28a800a4e3a358c8b52a63d05b5
SSDEEP

768:7fdqREaxxExy81dl37V2bFBbUVmIErLtS+XnyTe7nNZ2OhACE3zLSMSB72GPKJre:67fhfV

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  5f21eb1a00c84324df35e224345398d09493f91f7ef21debf89df505b9df8794
- Size
  
  255KB
- MD5
  
  e0ce4a5db56783fbe228a015266188e8
- SHA1
  
  fe61b290f59412589ac8b439b40b60a8d3b8bb0a
- SHA256
  
  5f21eb1a00c84324df35e224345398d09493f91f7ef21debf89df505b9df8794
- SHA512
  
  6160f1508613efa5c22ec10f4365eca586ea8721af3aadaa68a86a8d71622add5ad6120b7cda96506c0bab17595b4fc015dfd28a800a4e3a358c8b52a63d05b5
- SSDEEP
  
  768:7fdqREaxxExy81dl37V2bFBbUVmIErLtS+XnyTe7nNZ2OhACE3zLSMSB72GPKJre:67fhfV
Score

8^/10

evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2