17f6b899122cf87895db96de393fa5d0f84f2129868ef579fa17cf40b1cbaf77 | Triage

Sharing

General

Target

794a539a61b40d64487b92cbdded0ead
Size

414KB
Sample

240127-e8d4cadda8
MD5

794a539a61b40d64487b92cbdded0ead
SHA1

460a86f59ddcc6f00431e91cf5782751bc6c1480
SHA256

17f6b899122cf87895db96de393fa5d0f84f2129868ef579fa17cf40b1cbaf77
SHA512

e97d57f4ffefbc72295eb1c11b8ea2041437e8fb6c2188ea093614ce1d817168aa741a106752e59ca0aa63434b47981edfd49f0f4c999d0ee6da869fbb349489
SSDEEP

12288:okeVQkTrvj4sX84KLZpx44bbusUfH8B1z:o9QkTf4M842+4bMQz

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  794a539a61b40d64487b92cbdded0ead
- Size
  
  414KB
- MD5
  
  794a539a61b40d64487b92cbdded0ead
- SHA1
  
  460a86f59ddcc6f00431e91cf5782751bc6c1480
- SHA256
  
  17f6b899122cf87895db96de393fa5d0f84f2129868ef579fa17cf40b1cbaf77
- SHA512
  
  e97d57f4ffefbc72295eb1c11b8ea2041437e8fb6c2188ea093614ce1d817168aa741a106752e59ca0aa63434b47981edfd49f0f4c999d0ee6da869fbb349489
- SSDEEP
  
  12288:okeVQkTrvj4sX84KLZpx44bbusUfH8B1z:o9QkTf4M842+4bMQz
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence