19ef8a51f47a3710a29f0e1fd1e08c93d434d37bbd65230903a6d9b391df0889 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19ef8a51f47a3710a29f0e1fd1e08c93d434d37bbd65230903a6d9b391df0889
Size

156KB
Sample

220919-cjhzwsfgfp
MD5

d917d6e28f7bbd43a1d8bdccdaa835a2
SHA1

0a0c755aef7e3218f32f8e51c4a301f65f3f4124
SHA256

19ef8a51f47a3710a29f0e1fd1e08c93d434d37bbd65230903a6d9b391df0889
SHA512

00599d1f9d0b24780c298689b6cf5664355355658db8e4641e10ab1a483c653c26498de692984ad26de170f854be865d28251e1361b106d92685edb441681bee
SSDEEP

1536:9OkumouYiBU8gRDGHPOGMmUbaxGAka+t/K9rCGaV9mw7Jqx8M+dzAbOQgRVd:DouYka4UbaxqkCGaVD7JqfKAbfod

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  19ef8a51f47a3710a29f0e1fd1e08c93d434d37bbd65230903a6d9b391df0889
- Size
  
  156KB
- MD5
  
  d917d6e28f7bbd43a1d8bdccdaa835a2
- SHA1
  
  0a0c755aef7e3218f32f8e51c4a301f65f3f4124
- SHA256
  
  19ef8a51f47a3710a29f0e1fd1e08c93d434d37bbd65230903a6d9b391df0889
- SHA512
  
  00599d1f9d0b24780c298689b6cf5664355355658db8e4641e10ab1a483c653c26498de692984ad26de170f854be865d28251e1361b106d92685edb441681bee
- SSDEEP
  
  1536:9OkumouYiBU8gRDGHPOGMmUbaxGAka+t/K9rCGaV9mw7Jqx8M+dzAbOQgRVd:DouYka4UbaxqkCGaVD7JqfKAbfod
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence