d9422a8deb306bf1f4e1e9e5581df7194c2e298035885cbb77e3df7a448cf504 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9422a8deb306bf1f4e1e9e5581df7194c2e298035885cbb77e3df7a448cf504
Size

68KB
Sample

221002-tcpyasehdq
MD5

67e9356677c12e308e24fd09a0b19770
SHA1

bfce1d71188c2ffb7b1a3b71f6b507531436edaf
SHA256

d9422a8deb306bf1f4e1e9e5581df7194c2e298035885cbb77e3df7a448cf504
SHA512

9523fa22a83959d755ae48760781d44756dfc170821e2a111f466332e533c748f0d100faddccf460e9181a20b1df2d673f154ce804bfe75c3de4c4409b298ddd
SSDEEP

768:EcAliTdaYAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:DAIxDAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d9422a8deb306bf1f4e1e9e5581df7194c2e298035885cbb77e3df7a448cf504
- Size
  
  68KB
- MD5
  
  67e9356677c12e308e24fd09a0b19770
- SHA1
  
  bfce1d71188c2ffb7b1a3b71f6b507531436edaf
- SHA256
  
  d9422a8deb306bf1f4e1e9e5581df7194c2e298035885cbb77e3df7a448cf504
- SHA512
  
  9523fa22a83959d755ae48760781d44756dfc170821e2a111f466332e533c748f0d100faddccf460e9181a20b1df2d673f154ce804bfe75c3de4c4409b298ddd
- SSDEEP
  
  768:EcAliTdaYAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:DAIxDAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence