f09e4d3a66d741decf3e725471310f209d061801e855d9cd24c12694418a668c | Triage

Sharing

General

Target

f09e4d3a66d741decf3e725471310f209d061801e855d9cd24c12694418a668c
Size

213KB
Sample

221017-yq9bbadbdn
MD5

1375197cd720ebcd47203d89627df0ed
SHA1

595dc6dc9cbe8479b9ebd9178036fcc54abe5019
SHA256

f09e4d3a66d741decf3e725471310f209d061801e855d9cd24c12694418a668c
SHA512

01b57e6661722d4d0560d6113415e91e98f5b051f6aac5e2f2b811e6c9aa16a7f442633263a8cb6eb569fb5037cf655b3735501c422e1ab5402224a145bc5f5c
SSDEEP

3072:zCUojjMLdjHzbochaybPWSV2pEJVFZgKToD2giTqAI8bhR:lAjMLhoGaJizFqwZgIqAD3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f09e4d3a66d741decf3e725471310f209d061801e855d9cd24c12694418a668c
- Size
  
  213KB
- MD5
  
  1375197cd720ebcd47203d89627df0ed
- SHA1
  
  595dc6dc9cbe8479b9ebd9178036fcc54abe5019
- SHA256
  
  f09e4d3a66d741decf3e725471310f209d061801e855d9cd24c12694418a668c
- SHA512
  
  01b57e6661722d4d0560d6113415e91e98f5b051f6aac5e2f2b811e6c9aa16a7f442633263a8cb6eb569fb5037cf655b3735501c422e1ab5402224a145bc5f5c
- SSDEEP
  
  3072:zCUojjMLdjHzbochaybPWSV2pEJVFZgKToD2giTqAI8bhR:lAjMLhoGaJizFqwZgIqAD3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence