79185e03c6c3ae5a2de42e96a4f9458761e093ae4a21c6a59e0c7fe2340f3f1f | Triage

Sharing

General

Target

79185e03c6c3ae5a2de42e96a4f9458761e093ae4a21c6a59e0c7fe2340f3f1f
Size

108KB
Sample

221014-makr8sagfq
MD5

68ce83a99796f379209b4f12e72e3bde
SHA1

26521cba4561702867f70a633a7415133d430ede
SHA256

79185e03c6c3ae5a2de42e96a4f9458761e093ae4a21c6a59e0c7fe2340f3f1f
SHA512

e3203ab14321fc4099989efebd405c187265a7ee1689357fc99d27c544efb425447b5f4f4ed487d78a1fb045a955177fb9dcdfb55331e76717fd2a77263a3c96
SSDEEP

1536:gXq8iAuismywsTQLw0wF9MGM9K/oKtNgCMbA1bL3N+NM5UfRvNIjnZjU:zTQ/KLOM52vCnh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  79185e03c6c3ae5a2de42e96a4f9458761e093ae4a21c6a59e0c7fe2340f3f1f
- Size
  
  108KB
- MD5
  
  68ce83a99796f379209b4f12e72e3bde
- SHA1
  
  26521cba4561702867f70a633a7415133d430ede
- SHA256
  
  79185e03c6c3ae5a2de42e96a4f9458761e093ae4a21c6a59e0c7fe2340f3f1f
- SHA512
  
  e3203ab14321fc4099989efebd405c187265a7ee1689357fc99d27c544efb425447b5f4f4ed487d78a1fb045a955177fb9dcdfb55331e76717fd2a77263a3c96
- SSDEEP
  
  1536:gXq8iAuismywsTQLw0wF9MGM9K/oKtNgCMbA1bL3N+NM5UfRvNIjnZjU:zTQ/KLOM52vCnh
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence