a87fa6e062c3c2dd9e21f17ea5f281785bd346b725cf010e0746cd86fe581ee2 | Triage

Sharing

General

Target

a87fa6e062c3c2dd9e21f17ea5f281785bd346b725cf010e0746cd86fe581ee2
Size

84KB
Sample

221001-ykzvpadag2
MD5

6101fda3b80146753f1c7c5abbd36d17
SHA1

31f20990a690236ff77fd8461c611ef6db30d969
SHA256

a87fa6e062c3c2dd9e21f17ea5f281785bd346b725cf010e0746cd86fe581ee2
SHA512

09fa993c33694a87a1bf56998a2649f95ce0e362d8c568535d39147b24532cf11baeb701494046b3d4ffec9c835170025a017beb5a96074c7019a4e6bb86ae07
SSDEEP

768:9G9RIXmuec4OdJNUC1x2avPPpykILkGuIBLP3nEZCcLX/CVSFJ0T72Uap5/7TONO:9kZOdUCJwVu1ocTzFJ0T72VpF7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a87fa6e062c3c2dd9e21f17ea5f281785bd346b725cf010e0746cd86fe581ee2
- Size
  
  84KB
- MD5
  
  6101fda3b80146753f1c7c5abbd36d17
- SHA1
  
  31f20990a690236ff77fd8461c611ef6db30d969
- SHA256
  
  a87fa6e062c3c2dd9e21f17ea5f281785bd346b725cf010e0746cd86fe581ee2
- SHA512
  
  09fa993c33694a87a1bf56998a2649f95ce0e362d8c568535d39147b24532cf11baeb701494046b3d4ffec9c835170025a017beb5a96074c7019a4e6bb86ae07
- SSDEEP
  
  768:9G9RIXmuec4OdJNUC1x2avPPpykILkGuIBLP3nEZCcLX/CVSFJ0T72Uap5/7TONO:9kZOdUCJwVu1ocTzFJ0T72VpF7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence