da29bee79d07e276d69b0172dee30126d9a9703ea32834c7a69b4471d053bd0e | Triage

Sharing

General

Target

da29bee79d07e276d69b0172dee30126d9a9703ea32834c7a69b4471d053bd0e
Size

248KB
Sample

221127-mr477seg2t
MD5

ccd913a0f97c71e0021b7c303c275afd
SHA1

02205946de9cd83265999fd6368c381fc6e26915
SHA256

da29bee79d07e276d69b0172dee30126d9a9703ea32834c7a69b4471d053bd0e
SHA512

5ccab6b98158cdc1f2f6afb297e1739627f368f83b85237e4a62416e1cb39b67d73227d9a56e58ebdcff18f5cd46c2d4449b473593344d313149c520e6713671
SSDEEP

3072:VFQW79/EaK4aHHdrknIKMnVOUOPIncj2Un3o3eBACK6:VFQRHdonIVnV502U86

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  da29bee79d07e276d69b0172dee30126d9a9703ea32834c7a69b4471d053bd0e
- Size
  
  248KB
- MD5
  
  ccd913a0f97c71e0021b7c303c275afd
- SHA1
  
  02205946de9cd83265999fd6368c381fc6e26915
- SHA256
  
  da29bee79d07e276d69b0172dee30126d9a9703ea32834c7a69b4471d053bd0e
- SHA512
  
  5ccab6b98158cdc1f2f6afb297e1739627f368f83b85237e4a62416e1cb39b67d73227d9a56e58ebdcff18f5cd46c2d4449b473593344d313149c520e6713671
- SSDEEP
  
  3072:VFQW79/EaK4aHHdrknIKMnVOUOPIncj2Un3o3eBACK6:VFQRHdonIVnV502U86
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence