e28c5297d0b141d2243aabce8d09c415da2b2f15a85215c6317b67ba7cfb8b0c | Triage

Sharing

General

Target

e28c5297d0b141d2243aabce8d09c415da2b2f15a85215c6317b67ba7cfb8b0c
Size

64KB
Sample

221201-kp7jfabg33
MD5

2780374d6b9ddb0574cf76c7e6f2fd10
SHA1

d3594e0791ac64acf102a8f9a2f6e839701de3ab
SHA256

e28c5297d0b141d2243aabce8d09c415da2b2f15a85215c6317b67ba7cfb8b0c
SHA512

83bc3ff52dd182e094247519c6744ccb7da9348553c6c0f5e625c48891cf255652bada3ef29cbaf8b07f5e0b060455d720f2f4e1ecbeebf4d0edd22c17a9c382
SSDEEP

1536:W2iaAUsY9KlxwaqTHB9vwlGiDOdxe2AqrC:WqZKl2pfwlgdyqrC

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e28c5297d0b141d2243aabce8d09c415da2b2f15a85215c6317b67ba7cfb8b0c
- Size
  
  64KB
- MD5
  
  2780374d6b9ddb0574cf76c7e6f2fd10
- SHA1
  
  d3594e0791ac64acf102a8f9a2f6e839701de3ab
- SHA256
  
  e28c5297d0b141d2243aabce8d09c415da2b2f15a85215c6317b67ba7cfb8b0c
- SHA512
  
  83bc3ff52dd182e094247519c6744ccb7da9348553c6c0f5e625c48891cf255652bada3ef29cbaf8b07f5e0b060455d720f2f4e1ecbeebf4d0edd22c17a9c382
- SSDEEP
  
  1536:W2iaAUsY9KlxwaqTHB9vwlGiDOdxe2AqrC:WqZKl2pfwlgdyqrC
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence