ffb86731999036f6a88d82ce27c6fd89a8502c79cbbe529c33322fb3bb7ae324 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffb86731999036f6a88d82ce27c6fd89a8502c79cbbe529c33322fb3bb7ae324
Size

17KB
Sample

221204-kczcascb43
MD5

a4d13ab216d1edabedc04eb940c1f518
SHA1

5e6a819d51e6718ca8aa8f286ce7bd2a1bc04400
SHA256

ffb86731999036f6a88d82ce27c6fd89a8502c79cbbe529c33322fb3bb7ae324
SHA512

d60d3beafffcb5c48a9f89f714304c18bbc8564357e13c9b2105d1701530da8e98aa9ea380b473a6bc01b2a5f66791659ad66fc6e936b03177cb0150cb869ec5
SSDEEP

384:ZCGdZ5OpNzna1ic+fYghKqcK8kBRPDaNJawcudoD7UYxt:ZEa+AghKZkGnbcuyD7UYb

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  ffb86731999036f6a88d82ce27c6fd89a8502c79cbbe529c33322fb3bb7ae324
- Size
  
  17KB
- MD5
  
  a4d13ab216d1edabedc04eb940c1f518
- SHA1
  
  5e6a819d51e6718ca8aa8f286ce7bd2a1bc04400
- SHA256
  
  ffb86731999036f6a88d82ce27c6fd89a8502c79cbbe529c33322fb3bb7ae324
- SHA512
  
  d60d3beafffcb5c48a9f89f714304c18bbc8564357e13c9b2105d1701530da8e98aa9ea380b473a6bc01b2a5f66791659ad66fc6e936b03177cb0150cb869ec5
- SSDEEP
  
  384:ZCGdZ5OpNzna1ic+fYghKqcK8kBRPDaNJawcudoD7UYxt:ZEa+AghKZkGnbcuyD7UYb
Score

8^/10

evasion persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence