98878b16464ade54a25512a723efa9551c33ceaa3e756eea5bfc5933a905a19d | Triage

Sharing

General

Target

98878b16464ade54a25512a723efa9551c33ceaa3e756eea5bfc5933a905a19d
Size

146KB
Sample

221203-va84tscd3x
MD5

c45cf03a5159c611d2bb20fc1863b4eb
SHA1

e32e390800f5938ca1f594001f61b3c08b9344f0
SHA256

98878b16464ade54a25512a723efa9551c33ceaa3e756eea5bfc5933a905a19d
SHA512

0955ca13ea31064426de9cb38af6d8944938bd3a7efc012e3826e68294d8665dc1a486a25d9c9067aa454d2fde9a48794fa09146b7723d1aed2c0c379021cd12
SSDEEP

3072:Drt5cvaFDJ1kM6SUwSvTlToS7gQrt5cvaFDJ1kWQEaCDNfE58bgMY3o:DTxFP6SUwSvTlT7TxFIEZDNp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  98878b16464ade54a25512a723efa9551c33ceaa3e756eea5bfc5933a905a19d
- Size
  
  146KB
- MD5
  
  c45cf03a5159c611d2bb20fc1863b4eb
- SHA1
  
  e32e390800f5938ca1f594001f61b3c08b9344f0
- SHA256
  
  98878b16464ade54a25512a723efa9551c33ceaa3e756eea5bfc5933a905a19d
- SHA512
  
  0955ca13ea31064426de9cb38af6d8944938bd3a7efc012e3826e68294d8665dc1a486a25d9c9067aa454d2fde9a48794fa09146b7723d1aed2c0c379021cd12
- SSDEEP
  
  3072:Drt5cvaFDJ1kM6SUwSvTlToS7gQrt5cvaFDJ1kWQEaCDNfE58bgMY3o:DTxFP6SUwSvTlT7TxFIEZDNp
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence