73dff0c07107da7dc8a00037509cd10f277dfef01884d62ffbcb40faf6e8e826 | Triage

Sharing

General

Target

73dff0c07107da7dc8a00037509cd10f277dfef01884d62ffbcb40faf6e8e826
Size

43KB
Sample

221129-xah9hsee29
MD5

c494de9e9a77b07ad0ae470b6e68a20e
SHA1

f4ed93992928e2da478ca70d61dc6fc25f6bb6a7
SHA256

73dff0c07107da7dc8a00037509cd10f277dfef01884d62ffbcb40faf6e8e826
SHA512

ae85cd6f2c87ba4c7b5c63688541dc8b83166f7ba4d86e86908c1e8f6fff749109b0811fcbc9b85c502f6a8c08f758f8634c30aefa1528df6de3d02002925b2d
SSDEEP

768:9UdNT8uX2d5SogqD0rK9GTW2Es5E1v6HatjHX8qvtG1GlIL19x2N/UT6HCCjPkaW:K6GvUmaxTitj2xHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  73dff0c07107da7dc8a00037509cd10f277dfef01884d62ffbcb40faf6e8e826
- Size
  
  43KB
- MD5
  
  c494de9e9a77b07ad0ae470b6e68a20e
- SHA1
  
  f4ed93992928e2da478ca70d61dc6fc25f6bb6a7
- SHA256
  
  73dff0c07107da7dc8a00037509cd10f277dfef01884d62ffbcb40faf6e8e826
- SHA512
  
  ae85cd6f2c87ba4c7b5c63688541dc8b83166f7ba4d86e86908c1e8f6fff749109b0811fcbc9b85c502f6a8c08f758f8634c30aefa1528df6de3d02002925b2d
- SSDEEP
  
  768:9UdNT8uX2d5SogqD0rK9GTW2Es5E1v6HatjHX8qvtG1GlIL19x2N/UT6HCCjPkaW:K6GvUmaxTitj2xHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence