39514c2e75ca15d1d26ad22ca53fe874f226ff1dab88d80fa8bf518fb8cb834e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39514c2e75ca15d1d26ad22ca53fe874f226ff1dab88d80fa8bf518fb8cb834e
Size

248KB
Sample

221012-sbyndagda2
MD5

7bc9f9f935a3aa172094b1fdfcf2cbd0
SHA1

4a944fa20e5604163f094b9c8984b3ec99e58f8f
SHA256

39514c2e75ca15d1d26ad22ca53fe874f226ff1dab88d80fa8bf518fb8cb834e
SHA512

bf39ef7a8c4c8c1e2b33c0c2bd16e701fb86d0d27898acb513801dcb7a7a26bf35345826c2d6ab69a5f79edbc5bf1334fbd252964e27b3550e75ecd7e11cda6f
SSDEEP

3072:+R4hIdJvRVFD1yPBYEmaHtGG2gqZ+/9A+JRjKY5Md41gfy27:P6h1yPptGG2gqZ+FfKqDsX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  39514c2e75ca15d1d26ad22ca53fe874f226ff1dab88d80fa8bf518fb8cb834e
- Size
  
  248KB
- MD5
  
  7bc9f9f935a3aa172094b1fdfcf2cbd0
- SHA1
  
  4a944fa20e5604163f094b9c8984b3ec99e58f8f
- SHA256
  
  39514c2e75ca15d1d26ad22ca53fe874f226ff1dab88d80fa8bf518fb8cb834e
- SHA512
  
  bf39ef7a8c4c8c1e2b33c0c2bd16e701fb86d0d27898acb513801dcb7a7a26bf35345826c2d6ab69a5f79edbc5bf1334fbd252964e27b3550e75ecd7e11cda6f
- SSDEEP
  
  3072:+R4hIdJvRVFD1yPBYEmaHtGG2gqZ+/9A+JRjKY5Md41gfy27:P6h1yPptGG2gqZ+FfKqDsX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence