0c87f17b62057c830525adad8440b0efe8887331679ad8ed2fe79cf72ec71cba | Triage

Sharing

General

Target

0c87f17b62057c830525adad8440b0efe8887331679ad8ed2fe79cf72ec71cba
Size

459KB
Sample

221127-27wnbsfd38
MD5

42cc3e2d2916e8070a600e0b1e40719e
SHA1

97cf79bba768728bc9db42a926b461ce61221462
SHA256

0c87f17b62057c830525adad8440b0efe8887331679ad8ed2fe79cf72ec71cba
SHA512

79b2cd07cf5a91b35798d0b93cd22676e9d16fe2b1486038c2e5bdff09af46aec79a63ef758efdcc838c3b0c97a624044d806d15eded960b4e3ec89dc18b5a15
SSDEEP

6144:zmvqQMtcbmF4Wl/6WvSWNYuO7Ta8R1ViztIPSogocPi4lzD3shiw3M0ea:SyPFvl/6Wx+HGz/dowvnOM4

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0c87f17b62057c830525adad8440b0efe8887331679ad8ed2fe79cf72ec71cba
- Size
  
  459KB
- MD5
  
  42cc3e2d2916e8070a600e0b1e40719e
- SHA1
  
  97cf79bba768728bc9db42a926b461ce61221462
- SHA256
  
  0c87f17b62057c830525adad8440b0efe8887331679ad8ed2fe79cf72ec71cba
- SHA512
  
  79b2cd07cf5a91b35798d0b93cd22676e9d16fe2b1486038c2e5bdff09af46aec79a63ef758efdcc838c3b0c97a624044d806d15eded960b4e3ec89dc18b5a15
- SSDEEP
  
  6144:zmvqQMtcbmF4Wl/6WvSWNYuO7Ta8R1ViztIPSogocPi4lzD3shiw3M0ea:SyPFvl/6Wx+HGz/dowvnOM4
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence