227b843569b7fd71ce7cbed69b3091b36a1adf3e2ed60301231362182f929182 | Triage

Sharing

General

Target

227b843569b7fd71ce7cbed69b3091b36a1adf3e2ed60301231362182f929182
Size

16KB
Sample

221126-knas3sab8v
MD5

c196b69e6ac8052bbacec39b5e5ecc1e
SHA1

a0ddc58885233b80616047397ea86c4c5d69a8f9
SHA256

227b843569b7fd71ce7cbed69b3091b36a1adf3e2ed60301231362182f929182
SHA512

85275e2a3f0f552c77a7dc43f19aede4af516ea5e8b7263af34a2d55b28cac2ce54f560f1fb7d0e0a59934ab842e2b98dd5912ec6bb268158681b4170511a1af
SSDEEP

384:8SgISIsdWHePFQEMuH5F3S1B/R+skc+yuLam+ldtHz:rgLdJxbi4rjNLktHz

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  hacked accont paypal.exe
- Size
  
  43KB
- MD5
  
  553a81af8c5cda57ba508dd0ec18fec6
- SHA1
  
  421ca07901207ae99ee6bde2ce35598ac23cb1fa
- SHA256
  
  f703138e8be433ac0ad2d7956bd6c1c6c07628cd270f35729f6c729936e0dbd0
- SHA512
  
  5c8bef86dbc890746d9145c72c2549bda3a5ff6bad59974fb317420ccde52f3571ed0817debe9904be015393526be677a47ebe5911816b87c66edae3db62d10e
- SSDEEP
  
  768:kO05/8+zaBGSkMWAbDrq9OT+2I45c1r6H8jHywqvtu1iR4r103aNzwrDHCCjPkaV:KMmOnMKUgK9EaYHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence