07ad9373fd6879b8ebf6e51d1504d9d17d4efd842746c1ef6e463fa32bb652eb | Triage

Sharing

General

Target

07ad9373fd6879b8ebf6e51d1504d9d17d4efd842746c1ef6e463fa32bb652eb
Size

82KB
Sample

221003-tyf8aaefhp
MD5

675d999a5916c989d33745c3a60574fa
SHA1

7a37ed7b6a7fd6549a1431e679a03c2b182ceb75
SHA256

07ad9373fd6879b8ebf6e51d1504d9d17d4efd842746c1ef6e463fa32bb652eb
SHA512

84621fcd75d0a18f26dfa5d6ab75ab51a1ecd3bfb2abe9e4b8042e40b4057d44110f1f8aefe1125ddb674426b11104869b0e46b59a325713e3b4437c108f436d
SSDEEP

1536:vTv20IM4O4yp7lPWbptUurXM2G5rK8WQHbH082FTG0z9uc/Euxr/4B+ROS:JFh4HXMa27HEjb8uR/4wROS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  07ad9373fd6879b8ebf6e51d1504d9d17d4efd842746c1ef6e463fa32bb652eb
- Size
  
  82KB
- MD5
  
  675d999a5916c989d33745c3a60574fa
- SHA1
  
  7a37ed7b6a7fd6549a1431e679a03c2b182ceb75
- SHA256
  
  07ad9373fd6879b8ebf6e51d1504d9d17d4efd842746c1ef6e463fa32bb652eb
- SHA512
  
  84621fcd75d0a18f26dfa5d6ab75ab51a1ecd3bfb2abe9e4b8042e40b4057d44110f1f8aefe1125ddb674426b11104869b0e46b59a325713e3b4437c108f436d
- SSDEEP
  
  1536:vTv20IM4O4yp7lPWbptUurXM2G5rK8WQHbH082FTG0z9uc/Euxr/4B+ROS:JFh4HXMa27HEjb8uR/4wROS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence