5a6407559deff7c0ab0a126c2ca9373036d41299686a818ac45a3a5718f5e805 | Triage

Sharing

General

Target

1241e6ac4b6449ef6b2a36fb51ef8a87
Size

164KB
Sample

231224-zvg83afbd8
MD5

1241e6ac4b6449ef6b2a36fb51ef8a87
SHA1

62c756d2a3e09f6e17a2c4730b69096ebb1cc5a6
SHA256

5a6407559deff7c0ab0a126c2ca9373036d41299686a818ac45a3a5718f5e805
SHA512

edbd05c3481444340346a4226ccdb94303bff323e6366c799acb15f875d733cf00ee34f7cafd02378cd0bb7b7ea7f19f06973df97ee3209e10bbb9bfbed9b5e4
SSDEEP

3072:F5hETVr4gVIkWLRig0QsM7OKSpPAMf2M9vUUiao0L:PhEugVIkSr0rPAMpBL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1241e6ac4b6449ef6b2a36fb51ef8a87
- Size
  
  164KB
- MD5
  
  1241e6ac4b6449ef6b2a36fb51ef8a87
- SHA1
  
  62c756d2a3e09f6e17a2c4730b69096ebb1cc5a6
- SHA256
  
  5a6407559deff7c0ab0a126c2ca9373036d41299686a818ac45a3a5718f5e805
- SHA512
  
  edbd05c3481444340346a4226ccdb94303bff323e6366c799acb15f875d733cf00ee34f7cafd02378cd0bb7b7ea7f19f06973df97ee3209e10bbb9bfbed9b5e4
- SSDEEP
  
  3072:F5hETVr4gVIkWLRig0QsM7OKSpPAMf2M9vUUiao0L:PhEugVIkSr0rPAMpBL
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence