b449a250df3aea6784a75f2f03a7242d24fe3ed8dd0bab7f3730a840b04d8b3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b449a250df3aea6784a75f2f03a7242d24fe3ed8dd0bab7f3730a840b04d8b3e
Size

43KB
Sample

221206-w1bfxseg9z
MD5

0c2023377ffd106600e44cc0a8a35fe0
SHA1

2e7247d48d39c9a361bcd1ce6f7564d4b941db61
SHA256

b449a250df3aea6784a75f2f03a7242d24fe3ed8dd0bab7f3730a840b04d8b3e
SHA512

929aa0972a512cbd5aaae94d9c6ab4bc0e9f9bc14cc156d363ed902c491e8fb50d792c434b73e1ab5b3f1ebf29db7a08fa7eb4f6e5e0299c800459b98543f895
SSDEEP

768:Sg7nd8qhYz3S228PmrW96Te2+p581R6HkjHXeqvtK1EX0b1jjQNNu3HHCCjPkar6:3m6Hh0s5WFPQQHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b449a250df3aea6784a75f2f03a7242d24fe3ed8dd0bab7f3730a840b04d8b3e
- Size
  
  43KB
- MD5
  
  0c2023377ffd106600e44cc0a8a35fe0
- SHA1
  
  2e7247d48d39c9a361bcd1ce6f7564d4b941db61
- SHA256
  
  b449a250df3aea6784a75f2f03a7242d24fe3ed8dd0bab7f3730a840b04d8b3e
- SHA512
  
  929aa0972a512cbd5aaae94d9c6ab4bc0e9f9bc14cc156d363ed902c491e8fb50d792c434b73e1ab5b3f1ebf29db7a08fa7eb4f6e5e0299c800459b98543f895
- SSDEEP
  
  768:Sg7nd8qhYz3S228PmrW96Te2+p581R6HkjHXeqvtK1EX0b1jjQNNu3HHCCjPkar6:3m6Hh0s5WFPQQHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence