2c770544d14487f57cc8f3c9261fe7e803e2bfa7eb34d8360fd06292f2aa276c | Triage

Sharing

General

Target

2c770544d14487f57cc8f3c9261fe7e803e2bfa7eb34d8360fd06292f2aa276c
Size

2.9MB
Sample

221206-z1vrcagd6t
MD5

d9ea3161d30d4dfff51bebdb007864fa
SHA1

f5487ba4c69593e48f4cf346a8f57978631b70e6
SHA256

2c770544d14487f57cc8f3c9261fe7e803e2bfa7eb34d8360fd06292f2aa276c
SHA512

bc9a1277bc126b5ecf8d4def55646c7d4e257d47b7132f87b972cbe03318216765da908cc51a4373ff14cb8760a457681755d4121d04d974e62b78896d8ad1e0
SSDEEP

49152:b1dlZomjyjWfB+vW68sX5WMpsXs8OD+sJT/OuptZV+IcVdniSWGBe9/5p6:b1dl2mjmIi8W5xpsXs8Yp/zZVzcf3+hU

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2c770544d14487f57cc8f3c9261fe7e803e2bfa7eb34d8360fd06292f2aa276c
- Size
  
  2.9MB
- MD5
  
  d9ea3161d30d4dfff51bebdb007864fa
- SHA1
  
  f5487ba4c69593e48f4cf346a8f57978631b70e6
- SHA256
  
  2c770544d14487f57cc8f3c9261fe7e803e2bfa7eb34d8360fd06292f2aa276c
- SHA512
  
  bc9a1277bc126b5ecf8d4def55646c7d4e257d47b7132f87b972cbe03318216765da908cc51a4373ff14cb8760a457681755d4121d04d974e62b78896d8ad1e0
- SSDEEP
  
  49152:b1dlZomjyjWfB+vW68sX5WMpsXs8OD+sJT/OuptZV+IcVdniSWGBe9/5p6:b1dl2mjmIi8W5xpsXs8Yp/zZVzcf3+hU
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence