62da5356ebe3c7b495c6b565fe9ddf703fe9042527dc5761fbb38f2f68cf0993 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62da5356ebe3c7b495c6b565fe9ddf703fe9042527dc5761fbb38f2f68cf0993
Size

47KB
Sample

221201-ehtq4sfg2z
MD5

7eccfa4094002abc7757d9f5e16c2f00
SHA1

dec75375036ec76b9238a67273606d31b3f4cef6
SHA256

62da5356ebe3c7b495c6b565fe9ddf703fe9042527dc5761fbb38f2f68cf0993
SHA512

cd4e30deec106c7713dc1135404c939cda0265c4a0e9c9d8c33cfd63cecb09ab56706e349f961090535dc7e9f4dd91db0fb2e536e703026a0d10f4b705e43b20
SSDEEP

768:eJcFA585rzIHEjQgcapQB2wKfv81ZlH/GHDBfAV1A8D1mRyFvPfsO2HsCjPkai45:LEqpZAbqq/rpFcHsCrkM

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  62da5356ebe3c7b495c6b565fe9ddf703fe9042527dc5761fbb38f2f68cf0993
- Size
  
  47KB
- MD5
  
  7eccfa4094002abc7757d9f5e16c2f00
- SHA1
  
  dec75375036ec76b9238a67273606d31b3f4cef6
- SHA256
  
  62da5356ebe3c7b495c6b565fe9ddf703fe9042527dc5761fbb38f2f68cf0993
- SHA512
  
  cd4e30deec106c7713dc1135404c939cda0265c4a0e9c9d8c33cfd63cecb09ab56706e349f961090535dc7e9f4dd91db0fb2e536e703026a0d10f4b705e43b20
- SSDEEP
  
  768:eJcFA585rzIHEjQgcapQB2wKfv81ZlH/GHDBfAV1A8D1mRyFvPfsO2HsCjPkai45:LEqpZAbqq/rpFcHsCrkM
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence