9489a3b73a1a57412c6b16dc3972563469da3b5fefbf5603017b70956dfb0fe6 | Triage

Sharing

General

Target

9489a3b73a1a57412c6b16dc3972563469da3b5fefbf5603017b70956dfb0fe6
Size

248KB
Sample

221127-enejdacd91
MD5

6828479a089c1d86b084c76fe556db34
SHA1

641fb9a40cfd11a441dc82bea1b18952accd4e4a
SHA256

9489a3b73a1a57412c6b16dc3972563469da3b5fefbf5603017b70956dfb0fe6
SHA512

686b48beed869e02140af6e1f41cd59f7cc6577e50858f7add9a5ee411281808fdb2c09f1637254133487a7baf674676227f6d1c05b5bba3d737b132c75de9fe
SSDEEP

6144:DZmRCDAl/iZXvlkWDDqSZdl3AGdMCsHU/:DcRCDMAeW/Tl3AGdM7HE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9489a3b73a1a57412c6b16dc3972563469da3b5fefbf5603017b70956dfb0fe6
- Size
  
  248KB
- MD5
  
  6828479a089c1d86b084c76fe556db34
- SHA1
  
  641fb9a40cfd11a441dc82bea1b18952accd4e4a
- SHA256
  
  9489a3b73a1a57412c6b16dc3972563469da3b5fefbf5603017b70956dfb0fe6
- SHA512
  
  686b48beed869e02140af6e1f41cd59f7cc6577e50858f7add9a5ee411281808fdb2c09f1637254133487a7baf674676227f6d1c05b5bba3d737b132c75de9fe
- SSDEEP
  
  6144:DZmRCDAl/iZXvlkWDDqSZdl3AGdMCsHU/:DcRCDMAeW/Tl3AGdM7HE
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence