3d82a70be1405081142d3877128b667d499a2055acf9bfdd3d319bdfe5d7bb49 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d82a70be1405081142d3877128b667d499a2055acf9bfdd3d319bdfe5d7bb49
Size

176KB
Sample

221002-jgw73aeba5
MD5

7172882464d3a21717d11a0bde8b8000
SHA1

490ea48c5518501b4c8e8d968c890574cf4fedc9
SHA256

3d82a70be1405081142d3877128b667d499a2055acf9bfdd3d319bdfe5d7bb49
SHA512

4ec24252447628dce0e15d4fa407b567995bb8a21fa7d504ab743d7beac6a4c6b74e3be42c6f204c1cf78f9be908be7282d018b6bfbb6c552778e806286afa58
SSDEEP

3072:D55ph8C/nROzg7iiwJvXZETcbLn67kLpyRurohZbsn4KhWNUzMzGV5/bBD3yqrux:th7YU7iiwJvXZETcbLn6YLProhZbsn4D

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3d82a70be1405081142d3877128b667d499a2055acf9bfdd3d319bdfe5d7bb49
- Size
  
  176KB
- MD5
  
  7172882464d3a21717d11a0bde8b8000
- SHA1
  
  490ea48c5518501b4c8e8d968c890574cf4fedc9
- SHA256
  
  3d82a70be1405081142d3877128b667d499a2055acf9bfdd3d319bdfe5d7bb49
- SHA512
  
  4ec24252447628dce0e15d4fa407b567995bb8a21fa7d504ab743d7beac6a4c6b74e3be42c6f204c1cf78f9be908be7282d018b6bfbb6c552778e806286afa58
- SSDEEP
  
  3072:D55ph8C/nROzg7iiwJvXZETcbLn67kLpyRurohZbsn4KhWNUzMzGV5/bBD3yqrux:th7YU7iiwJvXZETcbLn6YLProhZbsn4D
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence