0b50e1210472da7052cdf50d8a0c9cec52902a4cbf9c586cc1c5474dc70b5428 | Triage

Sharing

General

Target

0b50e1210472da7052cdf50d8a0c9cec52902a4cbf9c586cc1c5474dc70b5428
Size

44KB
Sample

221203-b7kb7agf8y
MD5

31956e1e2b6238d4cb2ae04287041d50
SHA1

edfc521b5a1533409004c34eda0d84ffde384647
SHA256

0b50e1210472da7052cdf50d8a0c9cec52902a4cbf9c586cc1c5474dc70b5428
SHA512

a782bb974a607ca74031a78115f2ac3e3e0b162896d5b93d2b2778bd5bd9168be2eab48e2a8ef0e6f7199aee571a3c1438ecf171745b18b91031e8a8b1843d6e
SSDEEP

768:No/Pl86Ng7TSuuff+bCxOnnu2GB581M6HTjHHGqvtq1ssE71GwM4vgNK2mljcEnD:wpOnrBJ/h2k5M4vgYlQEnjFnwTF

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0b50e1210472da7052cdf50d8a0c9cec52902a4cbf9c586cc1c5474dc70b5428
- Size
  
  44KB
- MD5
  
  31956e1e2b6238d4cb2ae04287041d50
- SHA1
  
  edfc521b5a1533409004c34eda0d84ffde384647
- SHA256
  
  0b50e1210472da7052cdf50d8a0c9cec52902a4cbf9c586cc1c5474dc70b5428
- SHA512
  
  a782bb974a607ca74031a78115f2ac3e3e0b162896d5b93d2b2778bd5bd9168be2eab48e2a8ef0e6f7199aee571a3c1438ecf171745b18b91031e8a8b1843d6e
- SSDEEP
  
  768:No/Pl86Ng7TSuuff+bCxOnnu2GB581M6HTjHHGqvtq1ssE71GwM4vgNK2mljcEnD:wpOnrBJ/h2k5M4vgYlQEnjFnwTF
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence