5a3740aef8a358b14b688485b2977f2cd8bc28e6bc2db9429e15942f81600610 | Triage

Sharing

General

Target

5a3740aef8a358b14b688485b2977f2cd8bc28e6bc2db9429e15942f81600610
Size

296KB
Sample

221011-zhex6sdfdr
MD5

778c49a51065d4172f2caa76b47b3950
SHA1

90dcc1995eaccc34916255b8ee62ec9d1b5a3be1
SHA256

5a3740aef8a358b14b688485b2977f2cd8bc28e6bc2db9429e15942f81600610
SHA512

965b159b475ccafe5543241716f6faa374941614a5ad4345b1a075510212434a35afe89198e89283a283bf90a3f0fcf778b699bdac59950f85ccb51f8f372993
SSDEEP

6144:kkuD1y0FXrKnvmb7/D26OJYPsMiqDJlJNwHG6s20EBb4jHX3QA/hwNGhWhThPvMj:kBD1y0F7Knvmb7/D265DJlJNwHG6JTbA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5a3740aef8a358b14b688485b2977f2cd8bc28e6bc2db9429e15942f81600610
- Size
  
  296KB
- MD5
  
  778c49a51065d4172f2caa76b47b3950
- SHA1
  
  90dcc1995eaccc34916255b8ee62ec9d1b5a3be1
- SHA256
  
  5a3740aef8a358b14b688485b2977f2cd8bc28e6bc2db9429e15942f81600610
- SHA512
  
  965b159b475ccafe5543241716f6faa374941614a5ad4345b1a075510212434a35afe89198e89283a283bf90a3f0fcf778b699bdac59950f85ccb51f8f372993
- SSDEEP
  
  6144:kkuD1y0FXrKnvmb7/D26OJYPsMiqDJlJNwHG6s20EBb4jHX3QA/hwNGhWhThPvMj:kBD1y0F7Knvmb7/D265DJlJNwHG6JTbA
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence