84dbb0558dc83c4e32616f1c999b38cb189540cd856bf485c5aa32942146adcf | Triage

Sharing

General

Target

84dbb0558dc83c4e32616f1c999b38cb189540cd856bf485c5aa32942146adcf
Size

45KB
Sample

221201-cqgemsac8z
MD5

1653861178d763a3039f73d7a6acadc0
SHA1

c8f1217bbba699216f2c0a6359d7a66ab1f9244e
SHA256

84dbb0558dc83c4e32616f1c999b38cb189540cd856bf485c5aa32942146adcf
SHA512

2c6772f5b0e8c5ed90f19255a1ee6fdbb576aaa1cce6d2d5a9265e00c9ecbb6cf8e6a7b16c365683a0719d66f363cbedf2d81303579549109f51e9e251392fd4
SSDEEP

768:vjIvXRsW15A8G8xalxZLxR4aNpAuoWs0ljFtlfFz+XMeH95XfJBvcxxznnnnnnnO:xmA8G8xalfTX4kjF3tz+XR95XhSznnnn

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  84dbb0558dc83c4e32616f1c999b38cb189540cd856bf485c5aa32942146adcf
- Size
  
  45KB
- MD5
  
  1653861178d763a3039f73d7a6acadc0
- SHA1
  
  c8f1217bbba699216f2c0a6359d7a66ab1f9244e
- SHA256
  
  84dbb0558dc83c4e32616f1c999b38cb189540cd856bf485c5aa32942146adcf
- SHA512
  
  2c6772f5b0e8c5ed90f19255a1ee6fdbb576aaa1cce6d2d5a9265e00c9ecbb6cf8e6a7b16c365683a0719d66f363cbedf2d81303579549109f51e9e251392fd4
- SSDEEP
  
  768:vjIvXRsW15A8G8xalxZLxR4aNpAuoWs0ljFtlfFz+XMeH95XfJBvcxxznnnnnnnO:xmA8G8xalfTX4kjF3tz+XR95XhSznnnn
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence