a2cd39fd1d3afe365be52460e26babbe9f140240dc3fa24db7fe19ce06f3cef5 | Triage

Sharing

General

Target

a2cd39fd1d3afe365be52460e26babbe9f140240dc3fa24db7fe19ce06f3cef5
Size

43KB
Sample

221203-b6lhvsgf3x
MD5

8c960123019f3b821d68f96daa68b9a1
SHA1

1190c0de9e347ae836328eb38200e5377fc81614
SHA256

a2cd39fd1d3afe365be52460e26babbe9f140240dc3fa24db7fe19ce06f3cef5
SHA512

229a0b9a59082fdd2e9e2bdfd0a00ab44b8983e380f30e329df8f24e0a80500046fe6196a6078b47ba47bdd84a8dad993abaf2d6df1516ec30388fddd557a1a2
SSDEEP

768:p6wFb8OPu19SIo6zcrq92T62cf5s1q6HIjH6Sqvt21mlM91VpqNXMT3HCCjPkaR7:P+2rNTIiijLqMHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  a2cd39fd1d3afe365be52460e26babbe9f140240dc3fa24db7fe19ce06f3cef5
- Size
  
  43KB
- MD5
  
  8c960123019f3b821d68f96daa68b9a1
- SHA1
  
  1190c0de9e347ae836328eb38200e5377fc81614
- SHA256
  
  a2cd39fd1d3afe365be52460e26babbe9f140240dc3fa24db7fe19ce06f3cef5
- SHA512
  
  229a0b9a59082fdd2e9e2bdfd0a00ab44b8983e380f30e329df8f24e0a80500046fe6196a6078b47ba47bdd84a8dad993abaf2d6df1516ec30388fddd557a1a2
- SSDEEP
  
  768:p6wFb8OPu19SIo6zcrq92T62cf5s1q6HIjH6Sqvt21mlM91VpqNXMT3HCCjPkaR7:P+2rNTIiijLqMHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence