9472cacb2fb4edbec37a8b162bc2fb07546856d3353b03b44ae7cdf1e60b9c39 | Triage

Sharing

General

Target

9472cacb2fb4edbec37a8b162bc2fb07546856d3353b03b44ae7cdf1e60b9c39
Size

100KB
Sample

221001-yaerrsdgcl
MD5

72d6ea25b18b8b5083df54e84bda0e9d
SHA1

c32f4fd10ec57ccbdad6050b78d3b82788cf4c65
SHA256

9472cacb2fb4edbec37a8b162bc2fb07546856d3353b03b44ae7cdf1e60b9c39
SHA512

413d14eef608ad09dc5f1309266a14f17eb402a4178837233d233c1e62ab1db314ff88ff7a266994757be9c02a6c1ed79661720299bea4ac7a878fbeab00f036
SSDEEP

1536:CJt0882NTdwBLLGZcYADZPU1+73BD88b0nyMNIjnZr7:6wQgZPUQJMCnt7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9472cacb2fb4edbec37a8b162bc2fb07546856d3353b03b44ae7cdf1e60b9c39
- Size
  
  100KB
- MD5
  
  72d6ea25b18b8b5083df54e84bda0e9d
- SHA1
  
  c32f4fd10ec57ccbdad6050b78d3b82788cf4c65
- SHA256
  
  9472cacb2fb4edbec37a8b162bc2fb07546856d3353b03b44ae7cdf1e60b9c39
- SHA512
  
  413d14eef608ad09dc5f1309266a14f17eb402a4178837233d233c1e62ab1db314ff88ff7a266994757be9c02a6c1ed79661720299bea4ac7a878fbeab00f036
- SSDEEP
  
  1536:CJt0882NTdwBLLGZcYADZPU1+73BD88b0nyMNIjnZr7:6wQgZPUQJMCnt7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence