0777558222bb174523fd199c51342f501cd21a00432ac4b728b3598b931ab8f0 | Triage

Sharing

General

Target

0777558222bb174523fd199c51342f501cd21a00432ac4b728b3598b931ab8f0
Size

3.8MB
Sample

221206-zg4vxaee4z
MD5

aafe92a2d2797263cd9ef8581143b115
SHA1

eccaf7b96cc64f0e7220a8ef8bcd6f49130dcab9
SHA256

0777558222bb174523fd199c51342f501cd21a00432ac4b728b3598b931ab8f0
SHA512

320978d075d2b0798742ca315a93fb03f92f5524400bdedcd3876b86ca063c0ed72ce4fb556280906e787700edf0252cb1972e0f453422aebe4373ced4221cc3
SSDEEP

49152:XYqjcEL1Yqo4drNK10lUU6YyQXdXbvSWm3p9FIzlQfv5zp30Okm4O3m5Sd1jK6yU:XYqjdHvrNNCO/Xb2FilEvdx0k4O/lyU

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0777558222bb174523fd199c51342f501cd21a00432ac4b728b3598b931ab8f0
- Size
  
  3.8MB
- MD5
  
  aafe92a2d2797263cd9ef8581143b115
- SHA1
  
  eccaf7b96cc64f0e7220a8ef8bcd6f49130dcab9
- SHA256
  
  0777558222bb174523fd199c51342f501cd21a00432ac4b728b3598b931ab8f0
- SHA512
  
  320978d075d2b0798742ca315a93fb03f92f5524400bdedcd3876b86ca063c0ed72ce4fb556280906e787700edf0252cb1972e0f453422aebe4373ced4221cc3
- SSDEEP
  
  49152:XYqjcEL1Yqo4drNK10lUU6YyQXdXbvSWm3p9FIzlQfv5zp30Okm4O3m5Sd1jK6yU:XYqjdHvrNNCO/Xb2FilEvdx0k4O/lyU
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence