76213a41d186bb57f4eec68540d892beecdea637e6d830600427a8568184b083 | Triage

Sharing

General

Target

76213a41d186bb57f4eec68540d892beecdea637e6d830600427a8568184b083
Size

204KB
Sample

221002-axsp5sfbfm
MD5

6b1c22e59578f85873b2ff88d539b691
SHA1

a0a7aeee096fc5187f860cfa6ec1bc0b506262a2
SHA256

76213a41d186bb57f4eec68540d892beecdea637e6d830600427a8568184b083
SHA512

ff18b9e486742339a144630db3c92382e214e9ed8a9e6d3a2010fe80c44dcdd7bebd3cca0b28f1b33c258c4af315ac76efdc8f9b5a0c5eb5e70a932359059e11
SSDEEP

3072:xgEtvXPR2p3zf+sJZY1Pm+Auw3jjOPyzgKxycD12XHvGcVdNQUQ:Rfgz2sJZC3SjBzbZWw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  76213a41d186bb57f4eec68540d892beecdea637e6d830600427a8568184b083
- Size
  
  204KB
- MD5
  
  6b1c22e59578f85873b2ff88d539b691
- SHA1
  
  a0a7aeee096fc5187f860cfa6ec1bc0b506262a2
- SHA256
  
  76213a41d186bb57f4eec68540d892beecdea637e6d830600427a8568184b083
- SHA512
  
  ff18b9e486742339a144630db3c92382e214e9ed8a9e6d3a2010fe80c44dcdd7bebd3cca0b28f1b33c258c4af315ac76efdc8f9b5a0c5eb5e70a932359059e11
- SSDEEP
  
  3072:xgEtvXPR2p3zf+sJZY1Pm+Auw3jjOPyzgKxycD12XHvGcVdNQUQ:Rfgz2sJZC3SjBzbZWw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence