General

  • Target

    21811fa8e34587a4ea8fd645dc6e29d5e5c7a09ba04174c40c33ed61bbc335f1

  • Size

    530KB

  • Sample

    221127-t2n3asbh46

  • MD5

    bda86539e4d6989fada77aeb10f99578

  • SHA1

    4c0364571a6a047bb365cba500590dc53ee3d362

  • SHA256

    21811fa8e34587a4ea8fd645dc6e29d5e5c7a09ba04174c40c33ed61bbc335f1

  • SHA512

    ccdaf734b4775b600ead364768a6f8aa42829cc5030fffbc155ea9c968f4eca79abeb3675c075b810831e302a403e66dc4aaab4b710d7d0f123243b83f6e587c

  • SSDEEP

    12288:Ac3qRM7ydh8Sy4eFVG54yiDgilSkk3kH37oPvqu69:JcM7SJy4eFVvyiDDZyS

Score
8/10

Malware Config

Targets

    • Target

      21811fa8e34587a4ea8fd645dc6e29d5e5c7a09ba04174c40c33ed61bbc335f1

    • Size

      530KB

    • MD5

      bda86539e4d6989fada77aeb10f99578

    • SHA1

      4c0364571a6a047bb365cba500590dc53ee3d362

    • SHA256

      21811fa8e34587a4ea8fd645dc6e29d5e5c7a09ba04174c40c33ed61bbc335f1

    • SHA512

      ccdaf734b4775b600ead364768a6f8aa42829cc5030fffbc155ea9c968f4eca79abeb3675c075b810831e302a403e66dc4aaab4b710d7d0f123243b83f6e587c

    • SSDEEP

      12288:Ac3qRM7ydh8Sy4eFVG54yiDgilSkk3kH37oPvqu69:JcM7SJy4eFVvyiDDZyS

    Score
    8/10
    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks