a9e74052fe1819723eb9d307a7b5a3a227e956c42c79067c727511a6fde96102 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9e74052fe1819723eb9d307a7b5a3a227e956c42c79067c727511a6fde96102
Size

1.7MB
Sample

221203-w3z73aea54
MD5

f3eb26f9282b9e1c42d4215f5b0dce62
SHA1

4a5b446204693e0efc9b3edfae06b1c9ad6a0865
SHA256

a9e74052fe1819723eb9d307a7b5a3a227e956c42c79067c727511a6fde96102
SHA512

26818a450d479f08de52efd1ae291d1f9aabba4181ed1bb2d552e4c20de6f2c3bad69f0d1b29bd2d4b33a031833daf61ab82a01ab9903996e97182a52c853cec
SSDEEP

12288:w3QyecmYq7i/49rbX4xDYifr3QyecmYq7i/49rbX4xDYifn:7taSrbxtaSrb4

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  a9e74052fe1819723eb9d307a7b5a3a227e956c42c79067c727511a6fde96102
- Size
  
  1.7MB
- MD5
  
  f3eb26f9282b9e1c42d4215f5b0dce62
- SHA1
  
  4a5b446204693e0efc9b3edfae06b1c9ad6a0865
- SHA256
  
  a9e74052fe1819723eb9d307a7b5a3a227e956c42c79067c727511a6fde96102
- SHA512
  
  26818a450d479f08de52efd1ae291d1f9aabba4181ed1bb2d552e4c20de6f2c3bad69f0d1b29bd2d4b33a031833daf61ab82a01ab9903996e97182a52c853cec
- SSDEEP
  
  12288:w3QyecmYq7i/49rbX4xDYifr3QyecmYq7i/49rbX4xDYifn:7taSrbxtaSrb4
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence