89fb43a1dfdcdd87cc6d0f805c09ef3727736579607840595d4a9b0516fb2bec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89fb43a1dfdcdd87cc6d0f805c09ef3727736579607840595d4a9b0516fb2bec
Size

43KB
Sample

221201-b843zsgg9s
MD5

dc10e43ccb2083e2bed296e86d305220
SHA1

3e94e19a4566bcd7ace9e67fdfdb754d23edfcb6
SHA256

89fb43a1dfdcdd87cc6d0f805c09ef3727736579607840595d4a9b0516fb2bec
SHA512

5e402499cec54748c4452a2774c059a4281638ad4f4eecaa20a2c9d070c17e83a062a7c6fb87ede4457eb40cdf57bb4253e1c495a03e72942257a4c63b194e6f
SSDEEP

768:jojeiaDozcWiTM+zn9H0WQCYD7XHKQKNSfVk68C02J/mKm2SAacpefO3SInkV1:EamcjM+zn9H0WQCYD7XHKQKg9k68CjhQ

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  89fb43a1dfdcdd87cc6d0f805c09ef3727736579607840595d4a9b0516fb2bec
- Size
  
  43KB
- MD5
  
  dc10e43ccb2083e2bed296e86d305220
- SHA1
  
  3e94e19a4566bcd7ace9e67fdfdb754d23edfcb6
- SHA256
  
  89fb43a1dfdcdd87cc6d0f805c09ef3727736579607840595d4a9b0516fb2bec
- SHA512
  
  5e402499cec54748c4452a2774c059a4281638ad4f4eecaa20a2c9d070c17e83a062a7c6fb87ede4457eb40cdf57bb4253e1c495a03e72942257a4c63b194e6f
- SSDEEP
  
  768:jojeiaDozcWiTM+zn9H0WQCYD7XHKQKNSfVk68C02J/mKm2SAacpefO3SInkV1:EamcjM+zn9H0WQCYD7XHKQKg9k68CjhQ
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence