5afada6de45af6f133aac68797942053e0a2950bb1b04cba4f0dc02fc82111c9 | Triage

Sharing

General

Target

5afada6de45af6f133aac68797942053e0a2950bb1b04cba4f0dc02fc82111c9
Size

306KB
Sample

221201-3l17cscd62
MD5

51b5fede0b362b530cf40a08f15ba098
SHA1

a1dcb7c431eb729a5c7ebd92092abf491e19698f
SHA256

5afada6de45af6f133aac68797942053e0a2950bb1b04cba4f0dc02fc82111c9
SHA512

92c5e8625ffee6289a3a709db868608c7acdac202b936cbfff86655064085f2cf54b7cf4e7efaab7761ad820f152752fe30b94782ce91c65c356011c8c5625e2
SSDEEP

6144:fg/ksvhuWTcdnScMJh7lD69drYrMfQicCS28534I4r8c:V/MJ36aMfQ1A85oI4Qc

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  5afada6de45af6f133aac68797942053e0a2950bb1b04cba4f0dc02fc82111c9
- Size
  
  306KB
- MD5
  
  51b5fede0b362b530cf40a08f15ba098
- SHA1
  
  a1dcb7c431eb729a5c7ebd92092abf491e19698f
- SHA256
  
  5afada6de45af6f133aac68797942053e0a2950bb1b04cba4f0dc02fc82111c9
- SHA512
  
  92c5e8625ffee6289a3a709db868608c7acdac202b936cbfff86655064085f2cf54b7cf4e7efaab7761ad820f152752fe30b94782ce91c65c356011c8c5625e2
- SSDEEP
  
  6144:fg/ksvhuWTcdnScMJh7lD69drYrMfQicCS28534I4r8c:V/MJ36aMfQ1A85oI4Qc
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2