0725dae7695cbb42716764cf9c777d2f01719c56658eab35bac6a2231a2a7e82 | Triage

Sharing

General

Target

0725dae7695cbb42716764cf9c777d2f01719c56658eab35bac6a2231a2a7e82
Size

43KB
Sample

221126-knc87sab81
MD5

1362c69006f0d2031a23a5f9ac64f9ec
SHA1

d764c72a35d4ceb0a4fd8c048ad073da3c9c4b5c
SHA256

0725dae7695cbb42716764cf9c777d2f01719c56658eab35bac6a2231a2a7e82
SHA512

5bcd7abb8daf645e81e1fce3025f3c4288a9469080f121b4122102cd27c6bb7269541571f48bd6c82476d29f3cc99b5ffb70809cba20809dafed7b3e1db3e081
SSDEEP

768:RqJxn8eLSpJSs0u7IrK9dT62gb58126HAjHtU2qvtO1a58t1ZReNTorIHCCjPkaK:kmdbdHQmaLfejHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0725dae7695cbb42716764cf9c777d2f01719c56658eab35bac6a2231a2a7e82
- Size
  
  43KB
- MD5
  
  1362c69006f0d2031a23a5f9ac64f9ec
- SHA1
  
  d764c72a35d4ceb0a4fd8c048ad073da3c9c4b5c
- SHA256
  
  0725dae7695cbb42716764cf9c777d2f01719c56658eab35bac6a2231a2a7e82
- SHA512
  
  5bcd7abb8daf645e81e1fce3025f3c4288a9469080f121b4122102cd27c6bb7269541571f48bd6c82476d29f3cc99b5ffb70809cba20809dafed7b3e1db3e081
- SSDEEP
  
  768:RqJxn8eLSpJSs0u7IrK9dT62gb58126HAjHtU2qvtO1a58t1ZReNTorIHCCjPkaK:kmdbdHQmaLfejHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence