dc7ed4fc490e7f2375068763cb59fe8914af894ef0661997b29333f647e4a225 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc7ed4fc490e7f2375068763cb59fe8914af894ef0661997b29333f647e4a225
Size

280KB
Sample

221011-zh8kgsdfgn
MD5

69339f53f9b377c1cc46c8b6bdf425b0
SHA1

9f1c5662672486bfc34f748f36cc0b4985b7267a
SHA256

dc7ed4fc490e7f2375068763cb59fe8914af894ef0661997b29333f647e4a225
SHA512

848d199214e927661a19323cdbcc98e9ab35b871bfc85f5a9c88ae3e9d0e3a0c8af0e8f1e14f7f530a0c0989113f9446b4f9c382f2ad496cbdabdf5168645e13
SSDEEP

3072:xkW/vJZkT/Ozb1/7Vc1tdjZQQLnQhhyBZ8Irfdaqebssot7rFVtWzdbc9BXdA:xP/K2bVMJuQ0hhynfdaJqNrtWzCr6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  dc7ed4fc490e7f2375068763cb59fe8914af894ef0661997b29333f647e4a225
- Size
  
  280KB
- MD5
  
  69339f53f9b377c1cc46c8b6bdf425b0
- SHA1
  
  9f1c5662672486bfc34f748f36cc0b4985b7267a
- SHA256
  
  dc7ed4fc490e7f2375068763cb59fe8914af894ef0661997b29333f647e4a225
- SHA512
  
  848d199214e927661a19323cdbcc98e9ab35b871bfc85f5a9c88ae3e9d0e3a0c8af0e8f1e14f7f530a0c0989113f9446b4f9c382f2ad496cbdabdf5168645e13
- SSDEEP
  
  3072:xkW/vJZkT/Ozb1/7Vc1tdjZQQLnQhhyBZ8Irfdaqebssot7rFVtWzdbc9BXdA:xP/K2bVMJuQ0hhynfdaJqNrtWzCr6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence