724f8520d99a55f5c75d3ca2f459b52666b1f17b251ba68b263074c81c12e1cd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

724f8520d99a55f5c75d3ca2f459b52666b1f17b251ba68b263074c81c12e1cd
Size

60KB
Sample

221201-d4w8paba83
MD5

c55ab28ce79cad1eed364855a04cb730
SHA1

ec41a439f453bab0d9d5a674cd2ebbfb1dbe050a
SHA256

724f8520d99a55f5c75d3ca2f459b52666b1f17b251ba68b263074c81c12e1cd
SHA512

ec4b7b6e75504887c8c9968df99af357cd6b859bac8772b7afb2107e3c2a3a362604daadf2d7711dc3d635d23d9ce63fbc898a0236bf41aae0b11b7281b2f050
SSDEEP

768:E/RdnCmIJNy9J6eBj4nQNMYOgULYHga2M5LgPKC5FKjcy6+KKKKKKKKKKKKKKiKf:KCmIPy/zBUQlPULYHga2M52/5a6OJ

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  724f8520d99a55f5c75d3ca2f459b52666b1f17b251ba68b263074c81c12e1cd
- Size
  
  60KB
- MD5
  
  c55ab28ce79cad1eed364855a04cb730
- SHA1
  
  ec41a439f453bab0d9d5a674cd2ebbfb1dbe050a
- SHA256
  
  724f8520d99a55f5c75d3ca2f459b52666b1f17b251ba68b263074c81c12e1cd
- SHA512
  
  ec4b7b6e75504887c8c9968df99af357cd6b859bac8772b7afb2107e3c2a3a362604daadf2d7711dc3d635d23d9ce63fbc898a0236bf41aae0b11b7281b2f050
- SSDEEP
  
  768:E/RdnCmIJNy9J6eBj4nQNMYOgULYHga2M5LgPKC5FKjcy6+KKKKKKKKKKKKKKiKf:KCmIPy/zBUQlPULYHga2M52/5a6OJ
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence