24d8b33ffceaa0cee17a6258d39be1317672fc481c889822cf38963e3eb488c2 | Triage

Sharing

General

Target

decryp.exe
Size

18KB
Sample

230918-v225labb2y
MD5

0bddede8897d9d810f34d4eab1f6f07a
SHA1

b0b74c8a73699f93915154826ba8cfebe92c1dd4
SHA256

24d8b33ffceaa0cee17a6258d39be1317672fc481c889822cf38963e3eb488c2
SHA512

ae2e6cd9495b54c6fc9c4c27ece37bf0719bf42bd9c5bba4a29782f50d127d6a32461a405d9014b311e9de51d0ffc7c6001f9dbcdbbde94a92a2c51e661fe1fa
SSDEEP

384:3G1LKciD3h+fRSsBS9UpM8WefjHYc0wu:3G1LK1/sBS978/fTYc0wu

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  decryp.exe
- Size
  
  18KB
- MD5
  
  0bddede8897d9d810f34d4eab1f6f07a
- SHA1
  
  b0b74c8a73699f93915154826ba8cfebe92c1dd4
- SHA256
  
  24d8b33ffceaa0cee17a6258d39be1317672fc481c889822cf38963e3eb488c2
- SHA512
  
  ae2e6cd9495b54c6fc9c4c27ece37bf0719bf42bd9c5bba4a29782f50d127d6a32461a405d9014b311e9de51d0ffc7c6001f9dbcdbbde94a92a2c51e661fe1fa
- SSDEEP
  
  384:3G1LKciD3h+fRSsBS9UpM8WefjHYc0wu:3G1LK1/sBS978/fTYc0wu
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2