36e45be41b2e6cf8b3fae60bc70fcb736c2ea42def40fb7bfddfa668a4b9f598 | Triage

Sharing

General

Target

36e45be41b2e6cf8b3fae60bc70fcb736c2ea42def40fb7bfddfa668a4b9f598
Size

264KB
Sample

220919-mc6gqagdal
MD5

07d684e8e1fcf422c948e77e7dcbdc01
SHA1

701593e6bd07e43847801262d31bfc3a89445c71
SHA256

36e45be41b2e6cf8b3fae60bc70fcb736c2ea42def40fb7bfddfa668a4b9f598
SHA512

d669e8b16a8e4dddf02d5f06b5604790ff679e0c5a3b6e08a33d30a29eefc342432de895ee18f50295463db928f583f8472e0c932fcbe7b47b3776fbfeeef445
SSDEEP

6144:3FZiZ40OqFNLVJ6S0lE+6LVjlWPuEwTIwMe/wwUQO:3zGNhNLVJ/nLVjlWPuEwc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  36e45be41b2e6cf8b3fae60bc70fcb736c2ea42def40fb7bfddfa668a4b9f598
- Size
  
  264KB
- MD5
  
  07d684e8e1fcf422c948e77e7dcbdc01
- SHA1
  
  701593e6bd07e43847801262d31bfc3a89445c71
- SHA256
  
  36e45be41b2e6cf8b3fae60bc70fcb736c2ea42def40fb7bfddfa668a4b9f598
- SHA512
  
  d669e8b16a8e4dddf02d5f06b5604790ff679e0c5a3b6e08a33d30a29eefc342432de895ee18f50295463db928f583f8472e0c932fcbe7b47b3776fbfeeef445
- SSDEEP
  
  6144:3FZiZ40OqFNLVJ6S0lE+6LVjlWPuEwTIwMe/wwUQO:3zGNhNLVJ/nLVjlWPuEwc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence