73ec0de7c9867bbf261b7ce319bb8c18fd1acaf52f4b2867f7444559ecf87d18 | Triage

Sharing

General

Target

73ec0de7c9867bbf261b7ce319bb8c18fd1acaf52f4b2867f7444559ecf87d18
Size

52KB
Sample

220919-sad8cadfe9
MD5

6473b074b73b9ca176311bf100e02d9a
SHA1

19c03060ab2bedf181df7f406a31e90db8e8ac1d
SHA256

73ec0de7c9867bbf261b7ce319bb8c18fd1acaf52f4b2867f7444559ecf87d18
SHA512

dcb5a7d278169292ba0291386b72e9bccc6064d9b12f99cbf90a9d3513f7036b7863cd0e3fae8c9195cbf29ae472d3b1d4bd53608268656d31ea7dc31ee12d7c
SSDEEP

768:OWEJbB6haGnJntgTVH7NHaurxmWXOQfwoObuPb77e5yC:OWE96Jnml5lXAoO+H7cyC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  73ec0de7c9867bbf261b7ce319bb8c18fd1acaf52f4b2867f7444559ecf87d18
- Size
  
  52KB
- MD5
  
  6473b074b73b9ca176311bf100e02d9a
- SHA1
  
  19c03060ab2bedf181df7f406a31e90db8e8ac1d
- SHA256
  
  73ec0de7c9867bbf261b7ce319bb8c18fd1acaf52f4b2867f7444559ecf87d18
- SHA512
  
  dcb5a7d278169292ba0291386b72e9bccc6064d9b12f99cbf90a9d3513f7036b7863cd0e3fae8c9195cbf29ae472d3b1d4bd53608268656d31ea7dc31ee12d7c
- SSDEEP
  
  768:OWEJbB6haGnJntgTVH7NHaurxmWXOQfwoObuPb77e5yC:OWE96Jnml5lXAoO+H7cyC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence