457d3de1e5ce0a64701edaa3943bf2b7bf73573043f87608ead4a714f88ce269 | Triage

Sharing

General

Target

2fcdec22512db65dc6356aeeb679553b
Size

2.0MB
Sample

231231-ktpt7adcdm
MD5

2fcdec22512db65dc6356aeeb679553b
SHA1

0410ed312b7c5ec84ac776ce8ad1ebffa4663a0a
SHA256

457d3de1e5ce0a64701edaa3943bf2b7bf73573043f87608ead4a714f88ce269
SHA512

b14c10a4fedc1cef6b09ec0e28bd1c09b41d3fa72d0ec401ca9e675c1b1ba16dfa7734ff99c762d0a85e2d3dc7f01b620bc686b13f13f264cc2ccb0480eac906
SSDEEP

49152:edqADQtObhUvlTW3aaQbHVxfrRo4KLn/sZSA15pV9xmIRB1aW:ePDQ0bqvl63WVxto1LsnpV9kIRB1aW

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  2fcdec22512db65dc6356aeeb679553b
- Size
  
  2.0MB
- MD5
  
  2fcdec22512db65dc6356aeeb679553b
- SHA1
  
  0410ed312b7c5ec84ac776ce8ad1ebffa4663a0a
- SHA256
  
  457d3de1e5ce0a64701edaa3943bf2b7bf73573043f87608ead4a714f88ce269
- SHA512
  
  b14c10a4fedc1cef6b09ec0e28bd1c09b41d3fa72d0ec401ca9e675c1b1ba16dfa7734ff99c762d0a85e2d3dc7f01b620bc686b13f13f264cc2ccb0480eac906
- SSDEEP
  
  49152:edqADQtObhUvlTW3aaQbHVxfrRo4KLn/sZSA15pV9xmIRB1aW:ePDQ0bqvl63WVxto1LsnpV9kIRB1aW
Score

8^/10

evasion persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables taskbar notifications via registry modification
  evasion
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2