94d541e0b87e610a71aeec6f8ffa07b9007612f65233ed78ac16cffda98e05e3 | Triage

Sharing

General

Target

79b1d9fa564a09c901a738dc23e5a409
Size

405KB
Sample

231226-s5ahmsfec5
MD5

79b1d9fa564a09c901a738dc23e5a409
SHA1

eadbc4f609b6b073519664660527d77a2f1c1b06
SHA256

94d541e0b87e610a71aeec6f8ffa07b9007612f65233ed78ac16cffda98e05e3
SHA512

3a3ba57c5626d22dad4a507b178a5b80798a89bff7706113968995bc3d4e20d90d6d48776ea3419459cded77861bdbd37265b426b96a53f9a3621570fb22c565
SSDEEP

6144:TbXE9OiTGfhEClq97Q9+L7cWSUezPknw5zsQu0M7hA37E1L42Yz4UFGbjKfm8fpC:fU9Xiuim30zmGVVM7hAonZhyX4CmD

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  79b1d9fa564a09c901a738dc23e5a409
- Size
  
  405KB
- MD5
  
  79b1d9fa564a09c901a738dc23e5a409
- SHA1
  
  eadbc4f609b6b073519664660527d77a2f1c1b06
- SHA256
  
  94d541e0b87e610a71aeec6f8ffa07b9007612f65233ed78ac16cffda98e05e3
- SHA512
  
  3a3ba57c5626d22dad4a507b178a5b80798a89bff7706113968995bc3d4e20d90d6d48776ea3419459cded77861bdbd37265b426b96a53f9a3621570fb22c565
- SSDEEP
  
  6144:TbXE9OiTGfhEClq97Q9+L7cWSUezPknw5zsQu0M7hA37E1L42Yz4UFGbjKfm8fpC:fU9Xiuim30zmGVVM7hAonZhyX4CmD
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2