cf8d0ce47fd80e76eb2dc258027fed76904766ef5c7ffdc142152c8e84c5dc6a | Triage

Sharing

General

Target

cf8d0ce47fd80e76eb2dc258027fed76904766ef5c7ffdc142152c8e84c5dc6a
Size

52KB
Sample

221203-e3wq7sea98
MD5

557fad251a7f9cfc4457138c5fcc56f0
SHA1

2ac6f05b6f24c0baaa18524bdee4d3f8fd087912
SHA256

cf8d0ce47fd80e76eb2dc258027fed76904766ef5c7ffdc142152c8e84c5dc6a
SHA512

82d1e55fadbc3be66ce292d406cebd380f71c9ec72adefdebfea010787cd3920f0be3c902ab2e4b43a1edee6c282dec4e68682b84bb8e473a6bffcb7c4f14712
SSDEEP

768:W3HRPxnLdhrGs1FND3ij02YvWZ0BuphAEweCgF:EJos133iIWeBKhoHW

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  cf8d0ce47fd80e76eb2dc258027fed76904766ef5c7ffdc142152c8e84c5dc6a
- Size
  
  52KB
- MD5
  
  557fad251a7f9cfc4457138c5fcc56f0
- SHA1
  
  2ac6f05b6f24c0baaa18524bdee4d3f8fd087912
- SHA256
  
  cf8d0ce47fd80e76eb2dc258027fed76904766ef5c7ffdc142152c8e84c5dc6a
- SHA512
  
  82d1e55fadbc3be66ce292d406cebd380f71c9ec72adefdebfea010787cd3920f0be3c902ab2e4b43a1edee6c282dec4e68682b84bb8e473a6bffcb7c4f14712
- SSDEEP
  
  768:W3HRPxnLdhrGs1FND3ij02YvWZ0BuphAEweCgF:EJos133iIWeBKhoHW
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence