8c7892b4e4cb93158e48edcdadebb591f2311c1d9918f3c413c58d17857daba3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c7892b4e4cb93158e48edcdadebb591f2311c1d9918f3c413c58d17857daba3
Size

76KB
Sample

221206-nrqkgsdg94
MD5

1c50046336034d0876f7d355babbb3d0
SHA1

f92c8ab026b423c9749d277eb29a07466980abd7
SHA256

8c7892b4e4cb93158e48edcdadebb591f2311c1d9918f3c413c58d17857daba3
SHA512

46e08b0fe1708a45e07715b5c9a93282ae519a14cb28af49536ed01e21c6e2e636b01288578ceb99c249ef45ddeade9d13d264e36c91e292498bb4cc361fcd37
SSDEEP

1536:kxOpO4O620Np6ajTF2ad35nPEXbQI/O0r38V3Exr5lWyK9KpO:pRBd+2ED8yK9X

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8c7892b4e4cb93158e48edcdadebb591f2311c1d9918f3c413c58d17857daba3
- Size
  
  76KB
- MD5
  
  1c50046336034d0876f7d355babbb3d0
- SHA1
  
  f92c8ab026b423c9749d277eb29a07466980abd7
- SHA256
  
  8c7892b4e4cb93158e48edcdadebb591f2311c1d9918f3c413c58d17857daba3
- SHA512
  
  46e08b0fe1708a45e07715b5c9a93282ae519a14cb28af49536ed01e21c6e2e636b01288578ceb99c249ef45ddeade9d13d264e36c91e292498bb4cc361fcd37
- SSDEEP
  
  1536:kxOpO4O620Np6ajTF2ad35nPEXbQI/O0r38V3Exr5lWyK9KpO:pRBd+2ED8yK9X
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence