574b8d304c55ed31b38da483a9fd81e72deeb5aee369cc71b7eb854592d9e480 | Triage

Sharing

General

Target

574b8d304c55ed31b38da483a9fd81e72deeb5aee369cc71b7eb854592d9e480
Size

196KB
Sample

221003-h4d5bschc9
MD5

6d23ce239b3d605c4ffcb2ed0b16e470
SHA1

03502d1e23f61e47dfcc2654f8c16fbdd1a0614b
SHA256

574b8d304c55ed31b38da483a9fd81e72deeb5aee369cc71b7eb854592d9e480
SHA512

e24811eb1d51af3f490f9496f30613d2308e79aec57a49cc6e310ae1bc693af0ab4bdbb75b00a32a410083df004c0735405def549595474b34551a479f1dcc4b
SSDEEP

6144:u3aeGHT3U6Pr7FXlbWc3PuV/rvGXUf39GZjJ21OhCJiviq2YWDppQ7fI:u3SPr7FXlbWc3PuV/r+XUf39GZjJ21Oc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  574b8d304c55ed31b38da483a9fd81e72deeb5aee369cc71b7eb854592d9e480
- Size
  
  196KB
- MD5
  
  6d23ce239b3d605c4ffcb2ed0b16e470
- SHA1
  
  03502d1e23f61e47dfcc2654f8c16fbdd1a0614b
- SHA256
  
  574b8d304c55ed31b38da483a9fd81e72deeb5aee369cc71b7eb854592d9e480
- SHA512
  
  e24811eb1d51af3f490f9496f30613d2308e79aec57a49cc6e310ae1bc693af0ab4bdbb75b00a32a410083df004c0735405def549595474b34551a479f1dcc4b
- SSDEEP
  
  6144:u3aeGHT3U6Pr7FXlbWc3PuV/rvGXUf39GZjJ21OhCJiviq2YWDppQ7fI:u3SPr7FXlbWc3PuV/r+XUf39GZjJ21Oc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence