f0fb72340acf199b5fff2327ba5ad04e1d15fab364e3c09cfd2fdc7a66144893 | Triage

Sharing

General

Target

f0fb72340acf199b5fff2327ba5ad04e1d15fab364e3c09cfd2fdc7a66144893
Size

152KB
Sample

221003-tyqrqaegf3
MD5

61fd5bcd58cc9d99a593f65e58226be5
SHA1

52fc6bd756e3adb70c7b69e60951122b7c3191cc
SHA256

f0fb72340acf199b5fff2327ba5ad04e1d15fab364e3c09cfd2fdc7a66144893
SHA512

0029378465c2b01789f544ae09a20a75b82822fd91e663f0e80ba2598481f7e1c4fbe0f16abc7974e580fc2c0fd5bc488ce472c2438a7150e01f035a3e3f5648
SSDEEP

3072:ptDgFmCmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pe4oQZiEbU:kRmeGMS6Wc3kn9ADPAOJ0NJUW+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f0fb72340acf199b5fff2327ba5ad04e1d15fab364e3c09cfd2fdc7a66144893
- Size
  
  152KB
- MD5
  
  61fd5bcd58cc9d99a593f65e58226be5
- SHA1
  
  52fc6bd756e3adb70c7b69e60951122b7c3191cc
- SHA256
  
  f0fb72340acf199b5fff2327ba5ad04e1d15fab364e3c09cfd2fdc7a66144893
- SHA512
  
  0029378465c2b01789f544ae09a20a75b82822fd91e663f0e80ba2598481f7e1c4fbe0f16abc7974e580fc2c0fd5bc488ce472c2438a7150e01f035a3e3f5648
- SSDEEP
  
  3072:ptDgFmCmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pe4oQZiEbU:kRmeGMS6Wc3kn9ADPAOJ0NJUW+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence