1f90b4e519cb1bb3931a20314e1a0d6d363ba025893a2bf209f3cfe8c9a979c2 | Triage

Sharing

General

Target

1f90b4e519cb1bb3931a20314e1a0d6d363ba025893a2bf209f3cfe8c9a979c2
Size

260KB
Sample

221014-me4qxabah2
MD5

72acde79ffdc4f7b0ee75cd50314808c
SHA1

ac3c43ee011ab4a8960850eac370d1fe7ac3c350
SHA256

1f90b4e519cb1bb3931a20314e1a0d6d363ba025893a2bf209f3cfe8c9a979c2
SHA512

c2e4bdae1ba25d9fa8a3e006b02480f7da081209ce7826cbecffa53988dbbbecfc45d0b56241c9ff3104801014343d4c69f9d6a16c7cb81ff4c19fe9afef341f
SSDEEP

6144:ga4MM5ek/pqeQgBjEVdgupzywmsGFeeRDQ3:cMM5//pqwjMdgupzypVo

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1f90b4e519cb1bb3931a20314e1a0d6d363ba025893a2bf209f3cfe8c9a979c2
- Size
  
  260KB
- MD5
  
  72acde79ffdc4f7b0ee75cd50314808c
- SHA1
  
  ac3c43ee011ab4a8960850eac370d1fe7ac3c350
- SHA256
  
  1f90b4e519cb1bb3931a20314e1a0d6d363ba025893a2bf209f3cfe8c9a979c2
- SHA512
  
  c2e4bdae1ba25d9fa8a3e006b02480f7da081209ce7826cbecffa53988dbbbecfc45d0b56241c9ff3104801014343d4c69f9d6a16c7cb81ff4c19fe9afef341f
- SSDEEP
  
  6144:ga4MM5ek/pqeQgBjEVdgupzywmsGFeeRDQ3:cMM5//pqwjMdgupzypVo
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence