13c8c01821d44c2a14611f45f5eb2621a0786790f522fa1a6c4cd708b5343012 | Triage

Sharing

General

Target

13c8c01821d44c2a14611f45f5eb2621a0786790f522fa1a6c4cd708b5343012
Size

577KB
Sample

221127-t6rnzscc29
MD5

91ce712b575a68775f453bcfb08b1d60
SHA1

623c8ddbb6b32ba05f6e112f0c08616dcca6da3e
SHA256

13c8c01821d44c2a14611f45f5eb2621a0786790f522fa1a6c4cd708b5343012
SHA512

1e84336e8c6e3529ac57ccd6191c1ee09204d93ae053247c3ea56afb340c8c741437ea7ebddf78d8c84420593c68bcad62f6de142a086dae00620de0442da964
SSDEEP

6144:klGGICcLMOTc/9O9t3HCGYeyeI3TZ+Y8x9AD1GHtZ:K8HJYPTNN+

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  13c8c01821d44c2a14611f45f5eb2621a0786790f522fa1a6c4cd708b5343012
- Size
  
  577KB
- MD5
  
  91ce712b575a68775f453bcfb08b1d60
- SHA1
  
  623c8ddbb6b32ba05f6e112f0c08616dcca6da3e
- SHA256
  
  13c8c01821d44c2a14611f45f5eb2621a0786790f522fa1a6c4cd708b5343012
- SHA512
  
  1e84336e8c6e3529ac57ccd6191c1ee09204d93ae053247c3ea56afb340c8c741437ea7ebddf78d8c84420593c68bcad62f6de142a086dae00620de0442da964
- SSDEEP
  
  6144:klGGICcLMOTc/9O9t3HCGYeyeI3TZ+Y8x9AD1GHtZ:K8HJYPTNN+
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence