General

  • Target

    72222e79717120fe42edbb6d1fd06d7f49cb1fc8d35d3b2bd9549dbd40b39ab1

  • Size

    43KB

  • Sample

    221129-xajv2she6v

  • MD5

    199187246ca06d091f9799beecab3f30

  • SHA1

    a42c8804a2edea04f2853551b87f793ba338394b

  • SHA256

    72222e79717120fe42edbb6d1fd06d7f49cb1fc8d35d3b2bd9549dbd40b39ab1

  • SHA512

    cee17c6475784a502391641fcf7d34c2100c2b3305055af9ead68f6383ecc04d4431c57b3d08773fdab0dc76f7335233ea7faf3007fe91a82e9fecfb340c26c6

  • SSDEEP

    768:7mD/1865QbrS+eUfOrm9uTx22R581J6H2jHeAqvtK18/Il1DxcNdGHuHCCjPka17:EKuchsm02blcRHCCrk

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1031 Modify Existing Service (1)
    T1060 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (1)
    T1082 System Information Discovery (2)

Tasks