cfd6710692246cee066c345a42b825069f192fdd69f19d11424a853ae11ce9f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfd6710692246cee066c345a42b825069f192fdd69f19d11424a853ae11ce9f6
Size

896KB
Sample

221206-xxakwseh26
MD5

e4274f68a2fbeda5442036f0d034cef0
SHA1

49d6218ffaa8677cdf397571c4807dab544401e1
SHA256

cfd6710692246cee066c345a42b825069f192fdd69f19d11424a853ae11ce9f6
SHA512

164626cfc73e71c0bcb3a820ae3f24b45b7cbcf0ab55c0082773d6a7bc20c400c1734db8da8c88fc2ec642147f67a44018ba6202486421f4bd565bf4ee01b294
SSDEEP

24576:XaQW9rxCBMdYOgalmgRiQ1nG4BPzZdRs:XUxCBwLET4RD

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  cfd6710692246cee066c345a42b825069f192fdd69f19d11424a853ae11ce9f6
- Size
  
  896KB
- MD5
  
  e4274f68a2fbeda5442036f0d034cef0
- SHA1
  
  49d6218ffaa8677cdf397571c4807dab544401e1
- SHA256
  
  cfd6710692246cee066c345a42b825069f192fdd69f19d11424a853ae11ce9f6
- SHA512
  
  164626cfc73e71c0bcb3a820ae3f24b45b7cbcf0ab55c0082773d6a7bc20c400c1734db8da8c88fc2ec642147f67a44018ba6202486421f4bd565bf4ee01b294
- SSDEEP
  
  24576:XaQW9rxCBMdYOgalmgRiQ1nG4BPzZdRs:XUxCBwLET4RD
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence