046a1ab07d00310dfdbb8390f614bf3cd90aad379c5c713fc62889ea72792335 | Triage

Sharing

General

Target

71b2f3c40cf873641f39dde41d160c6a
Size

608KB
Sample

240124-jwnjgadean
MD5

71b2f3c40cf873641f39dde41d160c6a
SHA1

ca0aa9c6e5be1fba93ca3a5da3ed01584f3c9495
SHA256

046a1ab07d00310dfdbb8390f614bf3cd90aad379c5c713fc62889ea72792335
SHA512

1ed5e3b99974e434494d952e65df913dd6dfd599fd08161a024489e8efed78c04facaa91473124b8179f6db97c58186e0b962840f2ba511bf74f9083994fa87e
SSDEEP

12288:72KXHc77k5zsOn91Sbj+1+rG1Bhdk6b4LsXbqFVZguy1ukVLoGERBo2:72KXeCz7I+1GMdkVTcv1VVKt

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  71b2f3c40cf873641f39dde41d160c6a
- Size
  
  608KB
- MD5
  
  71b2f3c40cf873641f39dde41d160c6a
- SHA1
  
  ca0aa9c6e5be1fba93ca3a5da3ed01584f3c9495
- SHA256
  
  046a1ab07d00310dfdbb8390f614bf3cd90aad379c5c713fc62889ea72792335
- SHA512
  
  1ed5e3b99974e434494d952e65df913dd6dfd599fd08161a024489e8efed78c04facaa91473124b8179f6db97c58186e0b962840f2ba511bf74f9083994fa87e
- SSDEEP
  
  12288:72KXHc77k5zsOn91Sbj+1+rG1Bhdk6b4LsXbqFVZguy1ukVLoGERBo2:72KXeCz7I+1GMdkVTcv1VVKt
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence