a185012dfc87456f9b2befe586ac91ba800484badb44f79533a59d4899c49fba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1232537c161e32f904ce36d4f29c71d0.bin
Size

3.2MB
Sample

230324-bgd3gsdc41
MD5

6785e98ccf31c0d8f45867bd84aa2e5a
SHA1

1c6cdf344570aaf5b33f2a4be1c008195bef096f
SHA256

a185012dfc87456f9b2befe586ac91ba800484badb44f79533a59d4899c49fba
SHA512

83d0dae884e3970bd2041edf7d801b6e1166db32adf724639930f9924ee3ee2f2462c4f406d75a043e5151264e99fa418413722c223e2b626b8e57e0abe82225
SSDEEP

98304:rS2JzPDnDH8Gl8nwb1zKAR0Whq3W85so8Kt+hdQKd2:FPDD7lpb1zd0aIWK/t+h2Kd2

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  f33af993fd18bb47b931e031b68dc5e030dbea7118ed4746183238066336f597.exe
- Size
  
  3.3MB
- MD5
  
  1232537c161e32f904ce36d4f29c71d0
- SHA1
  
  1bc2fdc280628cebb4a3f0104a642df02e98b27c
- SHA256
  
  f33af993fd18bb47b931e031b68dc5e030dbea7118ed4746183238066336f597
- SHA512
  
  25b288318cc05bdbb40a1f9feeef550703354ae75b6582be3a052c32c0f2bc31978e7e00aa4516f6a9faff4b64fd3432fd5374b1df0b3ae30998c827e47c8b76
- SSDEEP
  
  98304:uviz/27qWGq/TzuqCDl2Ptao7jk8zatt1N3:uviq75/TzufvpN3
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence