19a527964d791455a0b24b904962ba9267eb9c47c337a2a34eb97d77302548f8 | Triage

Sharing

General

Target

19a527964d791455a0b24b904962ba9267eb9c47c337a2a34eb97d77302548f8
Size

43KB
Sample

221126-knbqdaab8x
MD5

d6aa3f866713a446f464542cc36caa87
SHA1

54854abc0892e096be0d4e72c248a372eedf0e25
SHA256

19a527964d791455a0b24b904962ba9267eb9c47c337a2a34eb97d77302548f8
SHA512

af6c8f1a15a317799d463b00cdc84ba8d5d9fb6ac1a76e334af37fc6ac242b00180fd18ea0515f47b328a6ad55080ba9f7b550e2fd082bfed48c74a5ced2930e
SSDEEP

768:aUHDZ8y9MHHSqSwfSre9WTZ2S1581N6HUjHPSqvtK1o7Mr1PTEN5a38HCCjPka66:faWE5o81W1bEDHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  19a527964d791455a0b24b904962ba9267eb9c47c337a2a34eb97d77302548f8
- Size
  
  43KB
- MD5
  
  d6aa3f866713a446f464542cc36caa87
- SHA1
  
  54854abc0892e096be0d4e72c248a372eedf0e25
- SHA256
  
  19a527964d791455a0b24b904962ba9267eb9c47c337a2a34eb97d77302548f8
- SHA512
  
  af6c8f1a15a317799d463b00cdc84ba8d5d9fb6ac1a76e334af37fc6ac242b00180fd18ea0515f47b328a6ad55080ba9f7b550e2fd082bfed48c74a5ced2930e
- SSDEEP
  
  768:aUHDZ8y9MHHSqSwfSre9WTZ2S1581N6HUjHPSqvtK1o7Mr1PTEN5a38HCCjPka66:faWE5o81W1bEDHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence