0de21e4e566f35d8ce3b060c9fc09e0fde04e3ef016c0f8d2e4a68f584f2dcb2 | Triage

Sharing

General

Target

0de21e4e566f35d8ce3b060c9fc09e0fde04e3ef016c0f8d2e4a68f584f2dcb2
Size

43KB
Sample

221126-kncmnsab8z
MD5

b3b7928df11b3aaec19591b4e3b7b46a
SHA1

0476371c4c6a11ba1cb345df83645b88c49001af
SHA256

0de21e4e566f35d8ce3b060c9fc09e0fde04e3ef016c0f8d2e4a68f584f2dcb2
SHA512

0a329afee4c977e60db155fb3cba84441621c25524f88ae6e3b83957c2458521845269f98c059ecd2eb0e4f580b74ceb43ef05c4d1f89feaf2100962f760b869
SSDEEP

768:Ki/Pl86Jgr/SuuEf+rG9WTnu2GB581M6HDjH+Qqvtq1ssIl1qd46QBMNMp2mF6H2:5WWbrBJPE22qd4lBMxHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0de21e4e566f35d8ce3b060c9fc09e0fde04e3ef016c0f8d2e4a68f584f2dcb2
- Size
  
  43KB
- MD5
  
  b3b7928df11b3aaec19591b4e3b7b46a
- SHA1
  
  0476371c4c6a11ba1cb345df83645b88c49001af
- SHA256
  
  0de21e4e566f35d8ce3b060c9fc09e0fde04e3ef016c0f8d2e4a68f584f2dcb2
- SHA512
  
  0a329afee4c977e60db155fb3cba84441621c25524f88ae6e3b83957c2458521845269f98c059ecd2eb0e4f580b74ceb43ef05c4d1f89feaf2100962f760b869
- SSDEEP
  
  768:Ki/Pl86Jgr/SuuEf+rG9WTnu2GB581M6HDjH+Qqvtq1ssIl1qd46QBMNMp2mF6H2:5WWbrBJPE22qd4lBMxHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence