4af7c72253f706a407b2e7e476bc760a25f18cb644a4049b467257953165a5fc | Triage

Sharing

General

Target

4af7c72253f706a407b2e7e476bc760a25f18cb644a4049b467257953165a5fc
Size

480KB
Sample

221128-g2xcfsfh9y
MD5

7a478a60432a2f6ba70d08f35316e281
SHA1

b6cf341f272c62643fc098c81f5bf29cb4b7dbc8
SHA256

4af7c72253f706a407b2e7e476bc760a25f18cb644a4049b467257953165a5fc
SHA512

81553c0e54f420e137aadd472d8b15cc026d9db87726182591f090dcfe00d471a11881786b8e9173ae436877c14221637bcfd1d02f318a3b42fdc854abc2b250
SSDEEP

6144:x3iivPlrTo8JNYWfaWIjmyp+2z93DqvSG54AIH:UilJNYvLEE9WKAIH

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  4af7c72253f706a407b2e7e476bc760a25f18cb644a4049b467257953165a5fc
- Size
  
  480KB
- MD5
  
  7a478a60432a2f6ba70d08f35316e281
- SHA1
  
  b6cf341f272c62643fc098c81f5bf29cb4b7dbc8
- SHA256
  
  4af7c72253f706a407b2e7e476bc760a25f18cb644a4049b467257953165a5fc
- SHA512
  
  81553c0e54f420e137aadd472d8b15cc026d9db87726182591f090dcfe00d471a11881786b8e9173ae436877c14221637bcfd1d02f318a3b42fdc854abc2b250
- SSDEEP
  
  6144:x3iivPlrTo8JNYWfaWIjmyp+2z93DqvSG54AIH:UilJNYvLEE9WKAIH
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence