4478ef560a98779a2d73c095703f115115403c1685bac72c71ca3dae44ceb955 | Triage

Sharing

General

Target

4478ef560a98779a2d73c095703f115115403c1685bac72c71ca3dae44ceb955
Size

91KB
Sample

221126-b8kz4sda72
MD5

824680197c3fe2adb6f0b7f136dc31f8
SHA1

503c15bfd9cd22f25fedb4ba4f2b48ceb789fab0
SHA256

4478ef560a98779a2d73c095703f115115403c1685bac72c71ca3dae44ceb955
SHA512

2428a3f5b816f2e464dfd9cb4ec82ac8d6a254a75a9eb03967e7a751cf91b236b53ecf9a84341cc6ad9a771efbb06fb51cecdc5474551dda0ce4dfac774f9f56
SSDEEP

1536:hT1SKWAvbAEWtKUtWxR8B158ErIJXXPbWERq2ed/RFbXngr0/Ekzwzwzwzwzwzwy:d1SkTAfEFsTGq2edXbiiiiiiiiO

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  4478ef560a98779a2d73c095703f115115403c1685bac72c71ca3dae44ceb955
- Size
  
  91KB
- MD5
  
  824680197c3fe2adb6f0b7f136dc31f8
- SHA1
  
  503c15bfd9cd22f25fedb4ba4f2b48ceb789fab0
- SHA256
  
  4478ef560a98779a2d73c095703f115115403c1685bac72c71ca3dae44ceb955
- SHA512
  
  2428a3f5b816f2e464dfd9cb4ec82ac8d6a254a75a9eb03967e7a751cf91b236b53ecf9a84341cc6ad9a771efbb06fb51cecdc5474551dda0ce4dfac774f9f56
- SSDEEP
  
  1536:hT1SKWAvbAEWtKUtWxR8B158ErIJXXPbWERq2ed/RFbXngr0/Ekzwzwzwzwzwzwy:d1SkTAfEFsTGq2edXbiiiiiiiiO
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence