65059d947a559dba3ee2bd7dc48c7a8ce1bceb35ff3f32605c12a98f074d5e70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65059d947a559dba3ee2bd7dc48c7a8ce1bceb35ff3f32605c12a98f074d5e70
Size

332KB
Sample

221003-dlq9qaddh3
MD5

4edfb3d570ba9782b343910c9844e660
SHA1

d28b5e393b39d0d7ba67a30c96f4bf5ceea00010
SHA256

65059d947a559dba3ee2bd7dc48c7a8ce1bceb35ff3f32605c12a98f074d5e70
SHA512

8bd27ec7f616b3758d50ecf272f6fdf8a2fad3989b4e910b7be057cdc751fbdb9a15b0a883a8a55aebbd587ccccda31ac1dc7291b61a93dd8c623b9ba7b1b643
SSDEEP

6144:d2Zr53PuruVxZS82fEbtYzjSCxBUg1KM6sHUutF:dG/uqxZS8EDh3vU+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  65059d947a559dba3ee2bd7dc48c7a8ce1bceb35ff3f32605c12a98f074d5e70
- Size
  
  332KB
- MD5
  
  4edfb3d570ba9782b343910c9844e660
- SHA1
  
  d28b5e393b39d0d7ba67a30c96f4bf5ceea00010
- SHA256
  
  65059d947a559dba3ee2bd7dc48c7a8ce1bceb35ff3f32605c12a98f074d5e70
- SHA512
  
  8bd27ec7f616b3758d50ecf272f6fdf8a2fad3989b4e910b7be057cdc751fbdb9a15b0a883a8a55aebbd587ccccda31ac1dc7291b61a93dd8c623b9ba7b1b643
- SSDEEP
  
  6144:d2Zr53PuruVxZS82fEbtYzjSCxBUg1KM6sHUutF:dG/uqxZS8EDh3vU+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence