5c7821de172e5313df15062609f3170ef3872810bcd7d61256b0dd870a4b2db2 | Triage

Sharing

General

Target

75ef4ade1c5277c65763d23dc9ab46dc
Size

80KB
Sample

231226-rxh95shbe6
MD5

75ef4ade1c5277c65763d23dc9ab46dc
SHA1

f943d642ea3a1b972bcc594350ce9553f32ea097
SHA256

5c7821de172e5313df15062609f3170ef3872810bcd7d61256b0dd870a4b2db2
SHA512

3c0c429fdea45a07dd9fe484f7374892c4624c30956741111399b339cafce4b2c75e18f223809e8827579cd34f7269787ac2e100750c5daa45033c8edd80f364
SSDEEP

768:a5j7oznv4IC7Pni73G3dK2jHcQSb52vgURxkZ:WjcznvDj7WM2jFSwbG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  75ef4ade1c5277c65763d23dc9ab46dc
- Size
  
  80KB
- MD5
  
  75ef4ade1c5277c65763d23dc9ab46dc
- SHA1
  
  f943d642ea3a1b972bcc594350ce9553f32ea097
- SHA256
  
  5c7821de172e5313df15062609f3170ef3872810bcd7d61256b0dd870a4b2db2
- SHA512
  
  3c0c429fdea45a07dd9fe484f7374892c4624c30956741111399b339cafce4b2c75e18f223809e8827579cd34f7269787ac2e100750c5daa45033c8edd80f364
- SSDEEP
  
  768:a5j7oznv4IC7Pni73G3dK2jHcQSb52vgURxkZ:WjcznvDj7WM2jFSwbG
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence