9ad1f6344fa926e0c79860187d92a5400e92b934e109f584bba379db5af05e35 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f00ac13c3dd87ab781c579ffaf307ba
Size

728KB
Sample

240204-m9z17sabgq
MD5

8f00ac13c3dd87ab781c579ffaf307ba
SHA1

f430e75ed3885f66aabf5e124bb4e59bea615ce8
SHA256

9ad1f6344fa926e0c79860187d92a5400e92b934e109f584bba379db5af05e35
SHA512

e982efeceea55916e729f85c085017367f8d9e8f3cf1f1a0dfabd312ff03ba30ee875ffb5de289761b0f179b0813532da801f270492a8f204f811ed4b4607980
SSDEEP

12288:z2/I3CMZC4u8YBbY5zgHWHmt8qMWmmcKDgGeItoEc9GspWZhASRXHYnrmN:z2QSmCrmgHCmKqMWkKlFtov9GsqRXHYW

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  8f00ac13c3dd87ab781c579ffaf307ba
- Size
  
  728KB
- MD5
  
  8f00ac13c3dd87ab781c579ffaf307ba
- SHA1
  
  f430e75ed3885f66aabf5e124bb4e59bea615ce8
- SHA256
  
  9ad1f6344fa926e0c79860187d92a5400e92b934e109f584bba379db5af05e35
- SHA512
  
  e982efeceea55916e729f85c085017367f8d9e8f3cf1f1a0dfabd312ff03ba30ee875ffb5de289761b0f179b0813532da801f270492a8f204f811ed4b4607980
- SSDEEP
  
  12288:z2/I3CMZC4u8YBbY5zgHWHmt8qMWmmcKDgGeItoEc9GspWZhASRXHYnrmN:z2QSmCrmgHCmKqMWkKlFtov9GsqRXHYW
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2