8bed0a1984bb6d5a976fbedc736fe2a71048fc633f54d5286f0d0c1cc963eef2 | Triage

Sharing

General

Target

8bed0a1984bb6d5a976fbedc736fe2a71048fc633f54d5286f0d0c1cc963eef2
Size

69KB
Sample

221126-khhlqshh9x
MD5

17887b088376c4c22440b1e3fa6e62cc
SHA1

969be135099bdb5d34996a91137b51ab407cf50b
SHA256

8bed0a1984bb6d5a976fbedc736fe2a71048fc633f54d5286f0d0c1cc963eef2
SHA512

9ad33b12561374d433a23c19988b71ae61ba7f9dbc23c7c22f13f994b2d4e749dc4932628b84ce67d4e7b69ffd7c0b8925ecb0735043ef110c1a5a331e987273
SSDEEP

1536:JkTQy7RI8vUnOil3EWQCsITAunkNWcLy94zOPXUZNa:JkTQy6VBDQC1TAukkkyezCUW

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8bed0a1984bb6d5a976fbedc736fe2a71048fc633f54d5286f0d0c1cc963eef2
- Size
  
  69KB
- MD5
  
  17887b088376c4c22440b1e3fa6e62cc
- SHA1
  
  969be135099bdb5d34996a91137b51ab407cf50b
- SHA256
  
  8bed0a1984bb6d5a976fbedc736fe2a71048fc633f54d5286f0d0c1cc963eef2
- SHA512
  
  9ad33b12561374d433a23c19988b71ae61ba7f9dbc23c7c22f13f994b2d4e749dc4932628b84ce67d4e7b69ffd7c0b8925ecb0735043ef110c1a5a331e987273
- SSDEEP
  
  1536:JkTQy7RI8vUnOil3EWQCsITAunkNWcLy94zOPXUZNa:JkTQy6VBDQC1TAukkkyezCUW
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence