b30e1e326ba2c6535ef7ecb35c3eda1bf3301cf756fc3f3622531a919eaf3c70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b30e1e326ba2c6535ef7ecb35c3eda1bf3301cf756fc3f3622531a919eaf3c70
Size

252KB
Sample

221130-213s3agb91
MD5

93a9e19a6a3881f8b0001f0d0f5cd938
SHA1

b50fbb62f30f62f2d0035c0d961b83fd217d9ee9
SHA256

b30e1e326ba2c6535ef7ecb35c3eda1bf3301cf756fc3f3622531a919eaf3c70
SHA512

a537809c8fa9b18dde2236ef0f557227e8bb3aeeec469f0500a01c1e2d0f288b7e45fc6a2d8225b2ed7143e9d37e539796238c6afb4e0b7c1e9761f4492715e0
SSDEEP

3072:LoCyLCQMGWW4bwBZypklN3yoneIU/4HjBLPMQ/BN63huohY0XFqGXQt8jDsjbOLx:LoCyCG94bE/L2D

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b30e1e326ba2c6535ef7ecb35c3eda1bf3301cf756fc3f3622531a919eaf3c70
- Size
  
  252KB
- MD5
  
  93a9e19a6a3881f8b0001f0d0f5cd938
- SHA1
  
  b50fbb62f30f62f2d0035c0d961b83fd217d9ee9
- SHA256
  
  b30e1e326ba2c6535ef7ecb35c3eda1bf3301cf756fc3f3622531a919eaf3c70
- SHA512
  
  a537809c8fa9b18dde2236ef0f557227e8bb3aeeec469f0500a01c1e2d0f288b7e45fc6a2d8225b2ed7143e9d37e539796238c6afb4e0b7c1e9761f4492715e0
- SSDEEP
  
  3072:LoCyLCQMGWW4bwBZypklN3yoneIU/4HjBLPMQ/BN63huohY0XFqGXQt8jDsjbOLx:LoCyCG94bE/L2D
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence