990654b457f620bb23346bedaa65e23506df73a3eef07a20c86da0ffa935f119 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3fd08972d1086bcdf9058d4016f3b893
Size

267KB
Sample

240104-eca2taafg7
MD5

3fd08972d1086bcdf9058d4016f3b893
SHA1

69876e158f48a9c11b940191be1d9c07c09542cd
SHA256

990654b457f620bb23346bedaa65e23506df73a3eef07a20c86da0ffa935f119
SHA512

eb08376813f7e778b5bfa9ceabfcd216280578d3fdc0ea560d1286a66612e3170964a8c6d845fed14fb659099b61a3defa2eef623eea88c0fca1082f6de6b6ec
SSDEEP

6144:0Y1/PKKZeHP6tqsHbD1NhtJn0K2cecZW5q1inxEHUU+5jTHywCTi+:JP1eAhHbvh7n+BK0/dDywCT1

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  3fd08972d1086bcdf9058d4016f3b893
- Size
  
  267KB
- MD5
  
  3fd08972d1086bcdf9058d4016f3b893
- SHA1
  
  69876e158f48a9c11b940191be1d9c07c09542cd
- SHA256
  
  990654b457f620bb23346bedaa65e23506df73a3eef07a20c86da0ffa935f119
- SHA512
  
  eb08376813f7e778b5bfa9ceabfcd216280578d3fdc0ea560d1286a66612e3170964a8c6d845fed14fb659099b61a3defa2eef623eea88c0fca1082f6de6b6ec
- SSDEEP
  
  6144:0Y1/PKKZeHP6tqsHbD1NhtJn0K2cecZW5q1inxEHUU+5jTHywCTi+:JP1eAhHbvh7n+BK0/dDywCT1
Score

8^/10

evasion
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2