bcad94953a38a09a314bbad0903de79e88d65093573e10c94313340d26694385 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcad94953a38a09a314bbad0903de79e88d65093573e10c94313340d26694385
Size

235KB
Sample

221203-23tyyade89
MD5

09e7ed1afc5513c3364421899a3d7a50
SHA1

898de1ae5ff57b52e03c4aaba62710b1c2d29af6
SHA256

bcad94953a38a09a314bbad0903de79e88d65093573e10c94313340d26694385
SHA512

81842d41077602d9f5ef64271b55535447fc2e9cdff613eabf01eaee003a57dd007f0440474b772d31e4886e3b34b1b0233970666f3e659a9f3590c27b338c0a
SSDEEP

3072:X6Hh0s5WFPnHdrkNmM4oxust9fTBVOAaAJE5juQ3chCUml4VnX/ztenc6xc5+cOm:X5HdoNmMbxuszfPOffcXF+cOr+9lPF

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  bcad94953a38a09a314bbad0903de79e88d65093573e10c94313340d26694385
- Size
  
  235KB
- MD5
  
  09e7ed1afc5513c3364421899a3d7a50
- SHA1
  
  898de1ae5ff57b52e03c4aaba62710b1c2d29af6
- SHA256
  
  bcad94953a38a09a314bbad0903de79e88d65093573e10c94313340d26694385
- SHA512
  
  81842d41077602d9f5ef64271b55535447fc2e9cdff613eabf01eaee003a57dd007f0440474b772d31e4886e3b34b1b0233970666f3e659a9f3590c27b338c0a
- SSDEEP
  
  3072:X6Hh0s5WFPnHdrkNmM4oxust9fTBVOAaAJE5juQ3chCUml4VnX/ztenc6xc5+cOm:X5HdoNmMbxuszfPOffcXF+cOr+9lPF
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence