2b7eebfb73b4841ed3273c3739cd1b584973594c0dc72e5564f9f7c882e372fe | Triage

Sharing

General

Target

2b7eebfb73b4841ed3273c3739cd1b584973594c0dc72e5564f9f7c882e372fe
Size

252KB
Sample

220919-r5tqvahcgq
MD5

08c3dc9a3d2d572786b96e746c4eebd5
SHA1

00643990914e20a1fd04f24e09ccee980c011f6f
SHA256

2b7eebfb73b4841ed3273c3739cd1b584973594c0dc72e5564f9f7c882e372fe
SHA512

707ba1f15e6acee49531746e1d1b063bcd4879abb9652f334a1b62214d14feb7eeeba0fb77ac8cbee0f184b9e20010e343c473f1bd506b561300905648749999
SSDEEP

6144:VTpBViVGBng9Gg4S628gA/igGuncMkcH/AeKnvmb7/D26ppSgCbvfMa:9p7igBngr4S628dFncMkcHIeKnvmb7/+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2b7eebfb73b4841ed3273c3739cd1b584973594c0dc72e5564f9f7c882e372fe
- Size
  
  252KB
- MD5
  
  08c3dc9a3d2d572786b96e746c4eebd5
- SHA1
  
  00643990914e20a1fd04f24e09ccee980c011f6f
- SHA256
  
  2b7eebfb73b4841ed3273c3739cd1b584973594c0dc72e5564f9f7c882e372fe
- SHA512
  
  707ba1f15e6acee49531746e1d1b063bcd4879abb9652f334a1b62214d14feb7eeeba0fb77ac8cbee0f184b9e20010e343c473f1bd506b561300905648749999
- SSDEEP
  
  6144:VTpBViVGBng9Gg4S628gA/igGuncMkcH/AeKnvmb7/D26ppSgCbvfMa:9p7igBngr4S628dFncMkcHIeKnvmb7/+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence