937ff9ec61bb2e870515fcbe0380b8de519fad00e318dcbf45fe37f61938cd13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

937ff9ec61bb2e870515fcbe0380b8de519fad00e318dcbf45fe37f61938cd13
Size

312KB
Sample

221002-hnp7nacfh3
MD5

70daacec7270df34269de6a0bbf61700
SHA1

dcc8fb9d0095ff5c4e66c8bdc21a4b3f59f1034d
SHA256

937ff9ec61bb2e870515fcbe0380b8de519fad00e318dcbf45fe37f61938cd13
SHA512

b517c211911893b9949483f775bac6d644781a6cc86206e403111d5cfe631427d8a078cd167eea40f44744f1625c08038b8c91b0f8cea04ce016ccd38cef99d4
SSDEEP

6144:pZXePJoXgYIlqAnIVDC8e5uMSXGJZPBP3Jm90GFw:CaXgYMNIVa5uM1D/U0sw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  937ff9ec61bb2e870515fcbe0380b8de519fad00e318dcbf45fe37f61938cd13
- Size
  
  312KB
- MD5
  
  70daacec7270df34269de6a0bbf61700
- SHA1
  
  dcc8fb9d0095ff5c4e66c8bdc21a4b3f59f1034d
- SHA256
  
  937ff9ec61bb2e870515fcbe0380b8de519fad00e318dcbf45fe37f61938cd13
- SHA512
  
  b517c211911893b9949483f775bac6d644781a6cc86206e403111d5cfe631427d8a078cd167eea40f44744f1625c08038b8c91b0f8cea04ce016ccd38cef99d4
- SSDEEP
  
  6144:pZXePJoXgYIlqAnIVDC8e5uMSXGJZPBP3Jm90GFw:CaXgYMNIVa5uM1D/U0sw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence