770705bc723d39bcc800ed1debfba6c492d5c815a74219b6d6dc41a911576e23 | Triage

Sharing

General

Target

770705bc723d39bcc800ed1debfba6c492d5c815a74219b6d6dc41a911576e23
Size

73KB
Sample

221201-2m7j4ace4y
MD5

4b085eaee028688465987024bfca5f7b
SHA1

84ddb80dbb7fb6cddf0fcc9a17a683e828e16ed8
SHA256

770705bc723d39bcc800ed1debfba6c492d5c815a74219b6d6dc41a911576e23
SHA512

f34510cd4f9e455e3ca982fd2c5f394c9f279c6687ebcbbc64a7ad88960c4a296fcf4e9d3d8c48dc1e313c528994021e1cc03ee317e5da7431c741a89ccf93d4
SSDEEP

1536:rZqCO2BfXgTjwwy4rsp8JzEi5o0FfmGsG7rW/raJ90Qg8bd:rU2NgVnEQomlrW/cPgcd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  770705bc723d39bcc800ed1debfba6c492d5c815a74219b6d6dc41a911576e23
- Size
  
  73KB
- MD5
  
  4b085eaee028688465987024bfca5f7b
- SHA1
  
  84ddb80dbb7fb6cddf0fcc9a17a683e828e16ed8
- SHA256
  
  770705bc723d39bcc800ed1debfba6c492d5c815a74219b6d6dc41a911576e23
- SHA512
  
  f34510cd4f9e455e3ca982fd2c5f394c9f279c6687ebcbbc64a7ad88960c4a296fcf4e9d3d8c48dc1e313c528994021e1cc03ee317e5da7431c741a89ccf93d4
- SSDEEP
  
  1536:rZqCO2BfXgTjwwy4rsp8JzEi5o0FfmGsG7rW/raJ90Qg8bd:rU2NgVnEQomlrW/cPgcd
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence