b332bbe4dcb59a97cb405c5faf1d90bf0c61f183fcbd0842bdb4edbbaf701dd0 | Triage

Sharing

General

Target

263e57024e38d40170ec2ef3068a10a9
Size

27KB
Sample

231231-dxckpsghdl
MD5

263e57024e38d40170ec2ef3068a10a9
SHA1

3e0ae44e3493f7e4a80ae724650ab259bdb44535
SHA256

b332bbe4dcb59a97cb405c5faf1d90bf0c61f183fcbd0842bdb4edbbaf701dd0
SHA512

d3b45c1b2d947f9b07847e79cce7cf0e8e55e2480334ffdda6953fe89ca99e3ede980d72a4a194fea46ce9843629b9230c0e21d93304dee66758772604840b56
SSDEEP

768:Q8/vuzm4DH+4U+CSWX34wF4jCFy1CikZcKTs:VvgdDH+4zCSWX34wFWCFy1CPZc

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  263e57024e38d40170ec2ef3068a10a9
- Size
  
  27KB
- MD5
  
  263e57024e38d40170ec2ef3068a10a9
- SHA1
  
  3e0ae44e3493f7e4a80ae724650ab259bdb44535
- SHA256
  
  b332bbe4dcb59a97cb405c5faf1d90bf0c61f183fcbd0842bdb4edbbaf701dd0
- SHA512
  
  d3b45c1b2d947f9b07847e79cce7cf0e8e55e2480334ffdda6953fe89ca99e3ede980d72a4a194fea46ce9843629b9230c0e21d93304dee66758772604840b56
- SSDEEP
  
  768:Q8/vuzm4DH+4U+CSWX34wF4jCFy1CikZcKTs:VvgdDH+4zCSWX34wFWCFy1CPZc
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence