fb9c6c9154a89e019adcaf62a924f68234bc47d2826c2319a99e8edb3c073d23 | Triage

Sharing

General

Target

fb9c6c9154a89e019adcaf62a924f68234bc47d2826c2319a99e8edb3c073d23
Size

38KB
Sample

221203-mxaksada76
MD5

0fe807fedd31f6cc32f4a3fdf3830070
SHA1

7b1422e4d4ebc72a7ea4f9f2c92b6ede2de250d7
SHA256

fb9c6c9154a89e019adcaf62a924f68234bc47d2826c2319a99e8edb3c073d23
SHA512

e15eec4de7c3dfa7cb7004303fac511d7aaaf7afcb229398769134963c898215bf2e09911a4f44c3f60718f23bd2656dd2f8bcd85dc5025341ebcb8d0a0b4475
SSDEEP

768:cIae3d21K7iwR37MJXshzSJQpBryb0A4THSCOA:ue3V7lp3fryAT

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  fb9c6c9154a89e019adcaf62a924f68234bc47d2826c2319a99e8edb3c073d23
- Size
  
  38KB
- MD5
  
  0fe807fedd31f6cc32f4a3fdf3830070
- SHA1
  
  7b1422e4d4ebc72a7ea4f9f2c92b6ede2de250d7
- SHA256
  
  fb9c6c9154a89e019adcaf62a924f68234bc47d2826c2319a99e8edb3c073d23
- SHA512
  
  e15eec4de7c3dfa7cb7004303fac511d7aaaf7afcb229398769134963c898215bf2e09911a4f44c3f60718f23bd2656dd2f8bcd85dc5025341ebcb8d0a0b4475
- SSDEEP
  
  768:cIae3d21K7iwR37MJXshzSJQpBryb0A4THSCOA:ue3V7lp3fryAT
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence