067916eeef467124e4ed136953bc7f2dbd432367a8bb09598a35e1e608183b05 | Triage

Sharing

General

Target

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.zip
Size

88KB
Sample

221221-ma7xrsfb81
MD5

54b7902f04e0f2f073352e5cd8f460f0
SHA1

cd794b02eaa48fd22a79427bb663ad01a8463323
SHA256

067916eeef467124e4ed136953bc7f2dbd432367a8bb09598a35e1e608183b05
SHA512

98bf6b33118e2a186dfd0923e4c068633dd17fe8daa70180c2abd94d2f1aea74d29cab0142c8908b1599963551cd22ba7392203ca6faa9fbb7e1b8c8996d124f
SSDEEP

1536:hKsw20QnVZdX0O7s50j7i6u8IGvp5L74F1QJ/ftkGYAc9lh6ludwH4dCb/ujj:wsw20QnbdEO7K0j7fu8I0rL0FlGtJum+

Score

8^/10

discovery evasion exploit

Malware Config

Targets

- Target
  
  5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.exe
- Size
  
  143KB
- MD5
  
  193cbda4598fe61c69b538416fb78aa1
- SHA1
  
  7f8546a917732a4daf146b818fdb7c14b25df3ba
- SHA256
  
  5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92
- SHA512
  
  9e3cb60b519fb6f81b484048ab9e9b4ec78ef81f30c31807d28e18b8ac91a36e94d0c19e5e09082b1039cbcc4b6ece4189677168c97fe5a6da0fb395adc15e3b
- SSDEEP
  
  3072:MTb4+LoQHG9gh9hRgf2WGapffZY36ozdH6oz:ObFLo1aRg+gXZUz
Score

8^/10

discovery evasion exploit
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit