8a86c7361a46fc005c83129a520810d30195deb4f0692f1ed6a0caa3c5d48580 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a86c7361a46fc005c83129a520810d30195deb4f0692f1ed6a0caa3c5d48580
Size

17KB
Sample

221203-bfrxysbf22
MD5

c23017a6c3787bde2923bdee1dc1390a
SHA1

3ddcd4eacbe4c6e3f11a3c9db80da9d7d976d229
SHA256

8a86c7361a46fc005c83129a520810d30195deb4f0692f1ed6a0caa3c5d48580
SHA512

f218cec5f0675b95657c8cf8b51347a9ee24650fdf040fd80b09abbe276274aad49973fe88aa6599465e85aba25f7af0ecffbc846ca59426336a51d84cb1894f
SSDEEP

384:wGxN21KGYz0iwV1vF32zjydJw96uBgyaNJawcudoD7UoxV:NY1KG8vwV5tWjUJtuBcnbcuyD7Uoj

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8a86c7361a46fc005c83129a520810d30195deb4f0692f1ed6a0caa3c5d48580
- Size
  
  17KB
- MD5
  
  c23017a6c3787bde2923bdee1dc1390a
- SHA1
  
  3ddcd4eacbe4c6e3f11a3c9db80da9d7d976d229
- SHA256
  
  8a86c7361a46fc005c83129a520810d30195deb4f0692f1ed6a0caa3c5d48580
- SHA512
  
  f218cec5f0675b95657c8cf8b51347a9ee24650fdf040fd80b09abbe276274aad49973fe88aa6599465e85aba25f7af0ecffbc846ca59426336a51d84cb1894f
- SSDEEP
  
  384:wGxN21KGYz0iwV1vF32zjydJw96uBgyaNJawcudoD7UoxV:NY1KG8vwV5tWjUJtuBcnbcuyD7Uoj
Score

8^/10

evasion persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2