f281cfe07534257c894dc600b5089b0ab226c448c774c736b2136e1f12cad4ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f281cfe07534257c894dc600b5089b0ab226c448c774c736b2136e1f12cad4aeN
Size

733KB
Sample

241005-rhf68svcjp
MD5

fba1c2c0766abe67c1275edbc6c2a5e0
SHA1

f2d2644bf5cbf7cc73e28f3901899fb59c038e4c
SHA256

f281cfe07534257c894dc600b5089b0ab226c448c774c736b2136e1f12cad4ae
SHA512

46e99d8a51859258ce3bd475320af75db7232207182ce0cff20c8a8fb50be7a7672bf46f35c4b8e9c26d636aafd57e250a1f57b444d64774ca4358aff887778b
SSDEEP

12288:13Fpj4rBRLukn+zKg2oOR2OQl5GAdmxQDgGeItGBV07XpWZhASRXHYnrmL:1VpUFRUgoOwOY5GAqQlFtWVAqRXHYrmL

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  f281cfe07534257c894dc600b5089b0ab226c448c774c736b2136e1f12cad4aeN
- Size
  
  733KB
- MD5
  
  fba1c2c0766abe67c1275edbc6c2a5e0
- SHA1
  
  f2d2644bf5cbf7cc73e28f3901899fb59c038e4c
- SHA256
  
  f281cfe07534257c894dc600b5089b0ab226c448c774c736b2136e1f12cad4ae
- SHA512
  
  46e99d8a51859258ce3bd475320af75db7232207182ce0cff20c8a8fb50be7a7672bf46f35c4b8e9c26d636aafd57e250a1f57b444d64774ca4358aff887778b
- SSDEEP
  
  12288:13Fpj4rBRLukn+zKg2oOR2OQl5GAdmxQDgGeItGBV07XpWZhASRXHYnrmL:1VpUFRUgoOwOY5GAqQlFtWVAqRXHYrmL
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation