e67910442a47a80b2d0f01be4e99339586d2476000a9ada39b3787ee8361f8fc | Triage

Sharing

General

Target

8018688837cddbc6e01a729ebd88cb41
Size

540KB
Sample

240129-r2l7lacae6
MD5

8018688837cddbc6e01a729ebd88cb41
SHA1

dd1d4341340c77ecd7345f2b537fa6281ca186a3
SHA256

e67910442a47a80b2d0f01be4e99339586d2476000a9ada39b3787ee8361f8fc
SHA512

4e5ecab5b4576627bb474cacaf9ab135f22a5e11e99a935c7b136f0874fd425a56041eaa594d049cf8ec835168359b99079b371a8efe57d2146f710c20ed9bec
SSDEEP

12288:oFZCv7TnOqMiWaf7BI3aJdJZie1LRgT4y9MMnMMMMMtM/E:UZCzTOqx97BRa0OLMMnMMMMMt

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  8018688837cddbc6e01a729ebd88cb41
- Size
  
  540KB
- MD5
  
  8018688837cddbc6e01a729ebd88cb41
- SHA1
  
  dd1d4341340c77ecd7345f2b537fa6281ca186a3
- SHA256
  
  e67910442a47a80b2d0f01be4e99339586d2476000a9ada39b3787ee8361f8fc
- SHA512
  
  4e5ecab5b4576627bb474cacaf9ab135f22a5e11e99a935c7b136f0874fd425a56041eaa594d049cf8ec835168359b99079b371a8efe57d2146f710c20ed9bec
- SSDEEP
  
  12288:oFZCv7TnOqMiWaf7BI3aJdJZie1LRgT4y9MMnMMMMMtM/E:UZCzTOqx97BRa0OLMMnMMMMMt
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence