1bfcbf5625a2e41fd9c6b38c0725f6c2c5465f960d290fc6540ff3c8f5da774b | Triage

Sharing

General

Target

tmp
Size

17.8MB
Sample

221224-xnvjpsdf5z
MD5

9c7197742428a58f559400db1d4627f9
SHA1

6420427a0feac20622d3bf23dbec05c1b0697e82
SHA256

1bfcbf5625a2e41fd9c6b38c0725f6c2c5465f960d290fc6540ff3c8f5da774b
SHA512

9b1969a9709f2017881f492561c15ff4cc7056238804bc8f8a186feae0a36326ad96c2e1961672b31d49f704245be157351964f445533c57c12383adf6b87382
SSDEEP

393216:AJhooqHHlZCUddQuslJwdTq3+d95M7WMW8W8YVapPyX5jj:AJ+zHH/ZddQuzuOd9ibW8ZkXxj

Score

8^/10

evasion persistence pyinstaller

Malware Config

Targets

- Target
  
  tmp
- Size
  
  17.8MB
- MD5
  
  9c7197742428a58f559400db1d4627f9
- SHA1
  
  6420427a0feac20622d3bf23dbec05c1b0697e82
- SHA256
  
  1bfcbf5625a2e41fd9c6b38c0725f6c2c5465f960d290fc6540ff3c8f5da774b
- SHA512
  
  9b1969a9709f2017881f492561c15ff4cc7056238804bc8f8a186feae0a36326ad96c2e1961672b31d49f704245be157351964f445533c57c12383adf6b87382
- SSDEEP
  
  393216:AJhooqHHlZCUddQuslJwdTq3+d95M7WMW8W8YVapPyX5jj:AJ+zHH/ZddQuzuOd9ibW8ZkXxj
Score

8^/10

evasion persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence