bfd66b8c04842a8117a081ac7e9ac1cd83480996428e137534df86939e712e76 | Triage

Sharing

General

Target

bfd66b8c04842a8117a081ac7e9ac1cd83480996428e137534df86939e712e76
Size

40KB
Sample

221201-wq3seshg2x
MD5

7bed7c82efafe6fbbe811b9cdb7ef374
SHA1

253e75dd646496c947aea0270ab74110c5445419
SHA256

bfd66b8c04842a8117a081ac7e9ac1cd83480996428e137534df86939e712e76
SHA512

669c8c51c76907b2885ddcaa0d1bcb66c8aee493fec7217aa379f2f691b7a58bb745985f9b5debb87ccb15d8d4fd24b8490eebb9cf77f41fbbcaceb58145b1cd
SSDEEP

768:SI8KnBLmtqeOQhbq+WVGvbsLHCAQpBryb0A4T+Ko+OA5FRe:2KnheOoa0fryAT

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  bfd66b8c04842a8117a081ac7e9ac1cd83480996428e137534df86939e712e76
- Size
  
  40KB
- MD5
  
  7bed7c82efafe6fbbe811b9cdb7ef374
- SHA1
  
  253e75dd646496c947aea0270ab74110c5445419
- SHA256
  
  bfd66b8c04842a8117a081ac7e9ac1cd83480996428e137534df86939e712e76
- SHA512
  
  669c8c51c76907b2885ddcaa0d1bcb66c8aee493fec7217aa379f2f691b7a58bb745985f9b5debb87ccb15d8d4fd24b8490eebb9cf77f41fbbcaceb58145b1cd
- SSDEEP
  
  768:SI8KnBLmtqeOQhbq+WVGvbsLHCAQpBryb0A4T+Ko+OA5FRe:2KnheOoa0fryAT
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence