bcd602952153b38d9d6be3f44726bbaf92e816a49c40445f1f4f86b89569fdc4 | Triage

Sharing

General

Target

bcd602952153b38d9d6be3f44726bbaf92e816a49c40445f1f4f86b89569fdc4
Size

188KB
Sample

221127-sgpyesbb9x
MD5

72329d99c7ee3f21b6bd3745609f6257
SHA1

db5abe7a6da2dee62f78d09121e8207e85d323ce
SHA256

bcd602952153b38d9d6be3f44726bbaf92e816a49c40445f1f4f86b89569fdc4
SHA512

93572d157e28364d475817ed3c89c5ef22cf5e65be7faa8246bc6403055bb2a5d592046f2bf6f8b778950ce0ba556beb4f9ff498f5bb39453ea6ae393d1550f8
SSDEEP

3072:NTmXiYnrRVfOr3ycLoM6svCYel/2jdN2T/s7kADiZG0Y/vTLfR7w0atLOUp:NTpYnnqNoMfCYewX2T/s7kKTx57Ti

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  bcd602952153b38d9d6be3f44726bbaf92e816a49c40445f1f4f86b89569fdc4
- Size
  
  188KB
- MD5
  
  72329d99c7ee3f21b6bd3745609f6257
- SHA1
  
  db5abe7a6da2dee62f78d09121e8207e85d323ce
- SHA256
  
  bcd602952153b38d9d6be3f44726bbaf92e816a49c40445f1f4f86b89569fdc4
- SHA512
  
  93572d157e28364d475817ed3c89c5ef22cf5e65be7faa8246bc6403055bb2a5d592046f2bf6f8b778950ce0ba556beb4f9ff498f5bb39453ea6ae393d1550f8
- SSDEEP
  
  3072:NTmXiYnrRVfOr3ycLoM6svCYel/2jdN2T/s7kADiZG0Y/vTLfR7w0atLOUp:NTpYnnqNoMfCYewX2T/s7kKTx57Ti
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence