d70863b9e8bb95cee8155673a85dc1116161652df0bb19cd2f0a9967991f7567 | Triage

Sharing

General

Target

d70863b9e8bb95cee8155673a85dc1116161652df0bb19cd2f0a9967991f7567
Size

152KB
Sample

221011-lgxjyagcfm
MD5

617048f5a63835e7b540f6b6960fffbf
SHA1

d684da0bb49644ceb31463c5f86d36667f23cbfa
SHA256

d70863b9e8bb95cee8155673a85dc1116161652df0bb19cd2f0a9967991f7567
SHA512

f437b6148b93fce01ff943d3e033630b3a0c4689f4430a5410be8087dfbaebae34ca28777beb6c5d64b58c7dc195f4ae88a6642c27c52fb0c6d2ef30d1e56d5a
SSDEEP

3072:lmlHPTYhjI/sk+7MxJUbaxI3zQyzLBuT+Fov:1k+7Mxa0yzGv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d70863b9e8bb95cee8155673a85dc1116161652df0bb19cd2f0a9967991f7567
- Size
  
  152KB
- MD5
  
  617048f5a63835e7b540f6b6960fffbf
- SHA1
  
  d684da0bb49644ceb31463c5f86d36667f23cbfa
- SHA256
  
  d70863b9e8bb95cee8155673a85dc1116161652df0bb19cd2f0a9967991f7567
- SHA512
  
  f437b6148b93fce01ff943d3e033630b3a0c4689f4430a5410be8087dfbaebae34ca28777beb6c5d64b58c7dc195f4ae88a6642c27c52fb0c6d2ef30d1e56d5a
- SSDEEP
  
  3072:lmlHPTYhjI/sk+7MxJUbaxI3zQyzLBuT+Fov:1k+7Mxa0yzGv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence