540fa5641df1b2af9d63432b4d47a3fe7bdf08f445bbd45e191ba3d7d3b76c37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

540fa5641df1b2af9d63432b4d47a3fe7bdf08f445bbd45e191ba3d7d3b76c37
Size

176KB
Sample

221014-ma6ppsahb3
MD5

562a430def1ca319e516509b6cb9ff72
SHA1

b6767e3880f7a17a002583362e5d31f798a876f2
SHA256

540fa5641df1b2af9d63432b4d47a3fe7bdf08f445bbd45e191ba3d7d3b76c37
SHA512

328a4d9730c70e4490e3bc5c87d8aed0557532c2bf247344cb57dc9df31e6fcd0ad22ecadd59207f70db077a49dff0ac2a300beec90e55502c03848763013990
SSDEEP

3072:GwgYt08Jdg/gvZd2kcZ/luGKwFBq60CdaN:GUt82Zdu/0W0C

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  540fa5641df1b2af9d63432b4d47a3fe7bdf08f445bbd45e191ba3d7d3b76c37
- Size
  
  176KB
- MD5
  
  562a430def1ca319e516509b6cb9ff72
- SHA1
  
  b6767e3880f7a17a002583362e5d31f798a876f2
- SHA256
  
  540fa5641df1b2af9d63432b4d47a3fe7bdf08f445bbd45e191ba3d7d3b76c37
- SHA512
  
  328a4d9730c70e4490e3bc5c87d8aed0557532c2bf247344cb57dc9df31e6fcd0ad22ecadd59207f70db077a49dff0ac2a300beec90e55502c03848763013990
- SSDEEP
  
  3072:GwgYt08Jdg/gvZd2kcZ/luGKwFBq60CdaN:GUt82Zdu/0W0C
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence