77158609c29bcffc66a31c3483bf6d524c318a4b52443b77c7b644665ed88f22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

77158609c29bcffc66a31c3483bf6d524c318a4b52443b77c7b644665ed88f22
Size

224KB
Sample

221002-aysfrsfcal
MD5

6718bb697fc31aa5d3310c4874f9fc20
SHA1

0db289453ff58c7d100d5569075327f5c86270f6
SHA256

77158609c29bcffc66a31c3483bf6d524c318a4b52443b77c7b644665ed88f22
SHA512

65eec5a77ffd6af5b4ad90640957205367802cbc811e32271848694cde9c9d41f17476fe61ee6eaacdb2a9bf36dda3b4dedd3b8c3081eda1fb26022196fdef0f
SSDEEP

3072:g5IIyRsIqrgl4iEzjKTF40qVA0KNBx9lDP:g5IrGIqrgCHpXA0KZ9R

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  77158609c29bcffc66a31c3483bf6d524c318a4b52443b77c7b644665ed88f22
- Size
  
  224KB
- MD5
  
  6718bb697fc31aa5d3310c4874f9fc20
- SHA1
  
  0db289453ff58c7d100d5569075327f5c86270f6
- SHA256
  
  77158609c29bcffc66a31c3483bf6d524c318a4b52443b77c7b644665ed88f22
- SHA512
  
  65eec5a77ffd6af5b4ad90640957205367802cbc811e32271848694cde9c9d41f17476fe61ee6eaacdb2a9bf36dda3b4dedd3b8c3081eda1fb26022196fdef0f
- SSDEEP
  
  3072:g5IIyRsIqrgl4iEzjKTF40qVA0KNBx9lDP:g5IrGIqrgCHpXA0KZ9R
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence