cb658dfff002d0dc901b7e82a7f022ea2c741b575bd706775bd0b098e7075806 | Triage

Sharing

General

Target

cb658dfff002d0dc901b7e82a7f022ea2c741b575bd706775bd0b098e7075806
Size

58KB
Sample

221201-v7l1kacc84
MD5

c93704310fc2929d80f1e2d8ded3c7ca
SHA1

790d221e48fab6172987ee4f34d7fa06be7b7c57
SHA256

cb658dfff002d0dc901b7e82a7f022ea2c741b575bd706775bd0b098e7075806
SHA512

04efd839f864b707ad9e268b2d94a2e9059c0c98feb0f7181e459d1f667256625de808efee7b411e46b236fdda12e93fae298a3145c7be11ce4dc621e90f3199
SSDEEP

768:qqlRcLOBoGq8jkSuC0i/xTcgZWaz2gQZdReuEwTP/e4r2TzF7:qa4VGqa0i/x4yz25b9XTX7o7

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  cb658dfff002d0dc901b7e82a7f022ea2c741b575bd706775bd0b098e7075806
- Size
  
  58KB
- MD5
  
  c93704310fc2929d80f1e2d8ded3c7ca
- SHA1
  
  790d221e48fab6172987ee4f34d7fa06be7b7c57
- SHA256
  
  cb658dfff002d0dc901b7e82a7f022ea2c741b575bd706775bd0b098e7075806
- SHA512
  
  04efd839f864b707ad9e268b2d94a2e9059c0c98feb0f7181e459d1f667256625de808efee7b411e46b236fdda12e93fae298a3145c7be11ce4dc621e90f3199
- SSDEEP
  
  768:qqlRcLOBoGq8jkSuC0i/xTcgZWaz2gQZdReuEwTP/e4r2TzF7:qa4VGqa0i/x4yz25b9XTX7o7
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence