b24faea88302c3a83ba1b0c534b4f48e2b8c2b593e7c03ade4b171dc17069f58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b24faea88302c3a83ba1b0c534b4f48e2b8c2b593e7c03ade4b171dc17069f58
Size

73KB
Sample

221206-3j9qqaha2w
MD5

367227fcba3b21a1374c71af7dcce410
SHA1

50fe97a3167aecde7c8e474a1bb563f13d4b9c0b
SHA256

b24faea88302c3a83ba1b0c534b4f48e2b8c2b593e7c03ade4b171dc17069f58
SHA512

1417203e49f0f6f879905c9e41bda86870cb66bfa7414754626eda0b856de223834f0ca04a38cad6caba047233d9cd6d1373c85b7f1a91175b19d82f74b7991a
SSDEEP

768:fUkBgVc2/HSzLy+C/njGKT6S9UQEPtAh1/pwmnTEDNsTvyfmMsezb8vnRk7EuWyh:fUOg+ESy+CtVWI1/NEfZX8vGayrGly

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b24faea88302c3a83ba1b0c534b4f48e2b8c2b593e7c03ade4b171dc17069f58
- Size
  
  73KB
- MD5
  
  367227fcba3b21a1374c71af7dcce410
- SHA1
  
  50fe97a3167aecde7c8e474a1bb563f13d4b9c0b
- SHA256
  
  b24faea88302c3a83ba1b0c534b4f48e2b8c2b593e7c03ade4b171dc17069f58
- SHA512
  
  1417203e49f0f6f879905c9e41bda86870cb66bfa7414754626eda0b856de223834f0ca04a38cad6caba047233d9cd6d1373c85b7f1a91175b19d82f74b7991a
- SSDEEP
  
  768:fUkBgVc2/HSzLy+C/njGKT6S9UQEPtAh1/pwmnTEDNsTvyfmMsezb8vnRk7EuWyh:fUOg+ESy+CtVWI1/NEfZX8vGayrGly
Score

8^/10

evasion persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence