40357a5368864b170a55d04f4979d54b1a348ce1213169c4bd07d5a08088cc68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40357a5368864b170a55d04f4979d54b1a348ce1213169c4bd07d5a08088cc68
Size

192KB
Sample

221011-y41akacgd7
MD5

58a5631d4e9fd96ef41c34365d2f73f0
SHA1

a41e0a9364b7abfc110b45f743f9024d98437425
SHA256

40357a5368864b170a55d04f4979d54b1a348ce1213169c4bd07d5a08088cc68
SHA512

3ad2cf3d9ee849c8ea329014e9ea1e6823db326ece95131f67fce8a4763644b1a2c9cf2193a5f2abbe89f0d1d5fc1dbe05d65a86e7b610e817267c64ca761b6f
SSDEEP

1536:tFcF2Oar4aaaaat031AdQWB5kCFrWszRUOHFlQhzyLwVKftfVBiZHAPloFp5A2mJ:vOdW3kCFrWsF2eLbqx2694sU9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  40357a5368864b170a55d04f4979d54b1a348ce1213169c4bd07d5a08088cc68
- Size
  
  192KB
- MD5
  
  58a5631d4e9fd96ef41c34365d2f73f0
- SHA1
  
  a41e0a9364b7abfc110b45f743f9024d98437425
- SHA256
  
  40357a5368864b170a55d04f4979d54b1a348ce1213169c4bd07d5a08088cc68
- SHA512
  
  3ad2cf3d9ee849c8ea329014e9ea1e6823db326ece95131f67fce8a4763644b1a2c9cf2193a5f2abbe89f0d1d5fc1dbe05d65a86e7b610e817267c64ca761b6f
- SSDEEP
  
  1536:tFcF2Oar4aaaaat031AdQWB5kCFrWszRUOHFlQhzyLwVKftfVBiZHAPloFp5A2mJ:vOdW3kCFrWsF2eLbqx2694sU9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence