b61784656a11f3083d8fcf051d48c9d84a8e053b7342fef22fe0b95681f24a17 | Triage

Sharing

General

Target

b61784656a11f3083d8fcf051d48c9d84a8e053b7342fef22fe0b95681f24a17
Size

52KB
Sample

221205-j2ztpaeh5y
MD5

01ca718c2fa046dbc2f84d8799bb7e00
SHA1

5fe3cf1afe4f7fb26b222e7a2cc02942493aacee
SHA256

b61784656a11f3083d8fcf051d48c9d84a8e053b7342fef22fe0b95681f24a17
SHA512

e3477853b4113f3b0273e75c6c806152439e9fd583b06770c2642947cd21115cf002c44f3559d6379ea0c6b669375e3c2ebd4b11ac2b6f494f98925bc7036d9a
SSDEEP

768:XDf153t9lBVbJQKem9yDCKCO3lpc8zTfRWNm4EcAIZqpV4ETuzV8C:XT153t97ndTyedOVCod34WIZEBc

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b61784656a11f3083d8fcf051d48c9d84a8e053b7342fef22fe0b95681f24a17
- Size
  
  52KB
- MD5
  
  01ca718c2fa046dbc2f84d8799bb7e00
- SHA1
  
  5fe3cf1afe4f7fb26b222e7a2cc02942493aacee
- SHA256
  
  b61784656a11f3083d8fcf051d48c9d84a8e053b7342fef22fe0b95681f24a17
- SHA512
  
  e3477853b4113f3b0273e75c6c806152439e9fd583b06770c2642947cd21115cf002c44f3559d6379ea0c6b669375e3c2ebd4b11ac2b6f494f98925bc7036d9a
- SSDEEP
  
  768:XDf153t9lBVbJQKem9yDCKCO3lpc8zTfRWNm4EcAIZqpV4ETuzV8C:XT153t97ndTyedOVCod34WIZEBc
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence