e43a687ad1d6dd93157260935d840429b4b650db61bfc8946bf7a0f10a882d4b | Triage

Sharing

General

Target

b500525ec82203429144f30eadc3d602
Size

108KB
Sample

240305-sj1spshf6z
MD5

b500525ec82203429144f30eadc3d602
SHA1

b693d7d15674647a7ac8ab4abd41f2ffe84b75e5
SHA256

e43a687ad1d6dd93157260935d840429b4b650db61bfc8946bf7a0f10a882d4b
SHA512

cc5e6c9d152718e852e1eb3e9f2f6c71a45abd16cde063b2c7455b61eb26c4aae5ae8fbe8362a2fae3636624a1575b2b80fdea11bf71ff391755acfaeeb82e9d
SSDEEP

3072:h9fpaVgrXWJuH7RgwiGkfM1+rS3vK0Ya71r:PpQgrmJG7Rg4/+rS3SPm

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b500525ec82203429144f30eadc3d602
- Size
  
  108KB
- MD5
  
  b500525ec82203429144f30eadc3d602
- SHA1
  
  b693d7d15674647a7ac8ab4abd41f2ffe84b75e5
- SHA256
  
  e43a687ad1d6dd93157260935d840429b4b650db61bfc8946bf7a0f10a882d4b
- SHA512
  
  cc5e6c9d152718e852e1eb3e9f2f6c71a45abd16cde063b2c7455b61eb26c4aae5ae8fbe8362a2fae3636624a1575b2b80fdea11bf71ff391755acfaeeb82e9d
- SSDEEP
  
  3072:h9fpaVgrXWJuH7RgwiGkfM1+rS3vK0Ya71r:PpQgrmJG7Rg4/+rS3SPm
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence