17124758a34e3d416d860900b22a8363d1f6aa49d87a1af742ff86996886357b | Triage

Sharing

General

Target

17124758a34e3d416d860900b22a8363d1f6aa49d87a1af742ff86996886357b
Size

192KB
Sample

221003-ddwt8sdbb3
MD5

6ad35ddb76fc57062bf65671f8539e09
SHA1

2c47593edd825af1b536a0c197d22bf1f402192c
SHA256

17124758a34e3d416d860900b22a8363d1f6aa49d87a1af742ff86996886357b
SHA512

0048d26402d908494d7622d84b49c9670ca04ee3657e4468caafa2edde8d46f07ec6a7042219827ac1666f8b1dc0a04467f09df704727d279730a918f56d2da1
SSDEEP

1536:+p9c72Oan2aaaaat031AdQWB5kCFrWszRUOHFlQhzyLwVKftfVBiZHAPloFp5A2:+dO2cW3kCFrWsF2eLbqx2AXFs89

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  17124758a34e3d416d860900b22a8363d1f6aa49d87a1af742ff86996886357b
- Size
  
  192KB
- MD5
  
  6ad35ddb76fc57062bf65671f8539e09
- SHA1
  
  2c47593edd825af1b536a0c197d22bf1f402192c
- SHA256
  
  17124758a34e3d416d860900b22a8363d1f6aa49d87a1af742ff86996886357b
- SHA512
  
  0048d26402d908494d7622d84b49c9670ca04ee3657e4468caafa2edde8d46f07ec6a7042219827ac1666f8b1dc0a04467f09df704727d279730a918f56d2da1
- SSDEEP
  
  1536:+p9c72Oan2aaaaat031AdQWB5kCFrWszRUOHFlQhzyLwVKftfVBiZHAPloFp5A2:+dO2cW3kCFrWsF2eLbqx2AXFs89
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence