adfac3fa868ffce00ac8dd42c4d12421d485e62bd0b84483e2fed1cd70efc2bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adfac3fa868ffce00ac8dd42c4d12421d485e62bd0b84483e2fed1cd70efc2bb
Size

175KB
Sample

221205-k28x2ahg5t
MD5

1d7343629779fc2996a0f325cddd26de
SHA1

20ddcc193c7b13322c3cf9ff298d128e556315ab
SHA256

adfac3fa868ffce00ac8dd42c4d12421d485e62bd0b84483e2fed1cd70efc2bb
SHA512

a3591ed28120db00e6732e2fd9a5675619ce08ccb58ea1379fc9ac5730cb2b1a2323a11f99ef796dda707f90002bcec0e36f9403c393d1df0b0a49e6c0ce248e
SSDEEP

3072:ZHQMls87bHbflGtlhw9jdx6eV5p+JyLhFCUP9uVxihTk:ZdF7bHbdGtlOjCq5ptQxia

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  adfac3fa868ffce00ac8dd42c4d12421d485e62bd0b84483e2fed1cd70efc2bb
- Size
  
  175KB
- MD5
  
  1d7343629779fc2996a0f325cddd26de
- SHA1
  
  20ddcc193c7b13322c3cf9ff298d128e556315ab
- SHA256
  
  adfac3fa868ffce00ac8dd42c4d12421d485e62bd0b84483e2fed1cd70efc2bb
- SHA512
  
  a3591ed28120db00e6732e2fd9a5675619ce08ccb58ea1379fc9ac5730cb2b1a2323a11f99ef796dda707f90002bcec0e36f9403c393d1df0b0a49e6c0ce248e
- SSDEEP
  
  3072:ZHQMls87bHbflGtlhw9jdx6eV5p+JyLhFCUP9uVxihTk:ZdF7bHbdGtlOjCq5ptQxia
Score

8^/10

evasion
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2