7b5477aedf8ca5f11cf0db66fcc580cdd253ff38ec103f4dac6a6a917d42fa16 | Triage

Sharing

General

Target

7b5477aedf8ca5f11cf0db66fcc580cdd253ff38ec103f4dac6a6a917d42fa16
Size

312KB
Sample

221003-1xscgshdcr
MD5

46e30c8e93a936140c3c543aba3f9e71
SHA1

813ab8fa8ea3d9a9669bb318a6fd87534c175d4f
SHA256

7b5477aedf8ca5f11cf0db66fcc580cdd253ff38ec103f4dac6a6a917d42fa16
SHA512

c27e99b4dbaf6110ecf4edf068561e3702b943d90a994e67326a9f1c7fbdd533d883e1091926f2b97203c907b9c62c9129bf73fdf5f3eef41369e43179f52cb2
SSDEEP

6144:4Abc0f7XP+g3AGJpWVzugs7PRHeEgRK/fObT/bGiJKv6R7MkZ4lUr8W9HuOGKqvs:zw27/XvLWpu/eEgRK/fObT/bGiJlMkZ9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7b5477aedf8ca5f11cf0db66fcc580cdd253ff38ec103f4dac6a6a917d42fa16
- Size
  
  312KB
- MD5
  
  46e30c8e93a936140c3c543aba3f9e71
- SHA1
  
  813ab8fa8ea3d9a9669bb318a6fd87534c175d4f
- SHA256
  
  7b5477aedf8ca5f11cf0db66fcc580cdd253ff38ec103f4dac6a6a917d42fa16
- SHA512
  
  c27e99b4dbaf6110ecf4edf068561e3702b943d90a994e67326a9f1c7fbdd533d883e1091926f2b97203c907b9c62c9129bf73fdf5f3eef41369e43179f52cb2
- SSDEEP
  
  6144:4Abc0f7XP+g3AGJpWVzugs7PRHeEgRK/fObT/bGiJKv6R7MkZ4lUr8W9HuOGKqvs:zw27/XvLWpu/eEgRK/fObT/bGiJlMkZ9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence