19b80e115d596e27005931ffccca85b96aa76db39340fa039850dd7f6be313cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19b80e115d596e27005931ffccca85b96aa76db39340fa039850dd7f6be313cc
Size

88KB
Sample

221014-mca1taahe9
MD5

7326621e1ee5c37c79e1bfc1bee46642
SHA1

41db6bf8ed6f8b76954e4b399da889c75db30087
SHA256

19b80e115d596e27005931ffccca85b96aa76db39340fa039850dd7f6be313cc
SHA512

781be37a3fc8957d79fa0c273eaf91aa9d29be15963f89ab509894642e10afb8388d31c04564bcdf94e056c9b05f5ff6c8337193c5e57613f970f4f59be0ed83
SSDEEP

1536:Z5Qw1NHlglFEJ71b/gYmHVwrESr3GV4VE:LQGUiJ71bks3G

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  19b80e115d596e27005931ffccca85b96aa76db39340fa039850dd7f6be313cc
- Size
  
  88KB
- MD5
  
  7326621e1ee5c37c79e1bfc1bee46642
- SHA1
  
  41db6bf8ed6f8b76954e4b399da889c75db30087
- SHA256
  
  19b80e115d596e27005931ffccca85b96aa76db39340fa039850dd7f6be313cc
- SHA512
  
  781be37a3fc8957d79fa0c273eaf91aa9d29be15963f89ab509894642e10afb8388d31c04564bcdf94e056c9b05f5ff6c8337193c5e57613f970f4f59be0ed83
- SSDEEP
  
  1536:Z5Qw1NHlglFEJ71b/gYmHVwrESr3GV4VE:LQGUiJ71bks3G
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence