17c1e80cdf1658bbd0d35300be70198b1fda585aee4e97672f28f19f7af4e6db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c1e80cdf1658bbd0d35300be70198b1fda585aee4e97672f28f19f7af4e6db
Size

371KB
Sample

221019-p6rxjahcar
MD5

915e78886c5b956a470b635469c4aa50
SHA1

8b9038b82bea066fd101366674e0d6d19a232534
SHA256

17c1e80cdf1658bbd0d35300be70198b1fda585aee4e97672f28f19f7af4e6db
SHA512

c33ce13c05c1cba249c1031725a495e017de4c33e07f76b88587f10a12d1fee1c939df25057cc4695089b595c1fe095e8bc146bd3a5f4801a6ab9081ac15cce9
SSDEEP

3072:B0bfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCcOQ39cOaRr5ZGPVbOQ39cOaRr5ZO:BWepp3PJXCOGY3exOQ39cgOQ39cC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  17c1e80cdf1658bbd0d35300be70198b1fda585aee4e97672f28f19f7af4e6db
- Size
  
  371KB
- MD5
  
  915e78886c5b956a470b635469c4aa50
- SHA1
  
  8b9038b82bea066fd101366674e0d6d19a232534
- SHA256
  
  17c1e80cdf1658bbd0d35300be70198b1fda585aee4e97672f28f19f7af4e6db
- SHA512
  
  c33ce13c05c1cba249c1031725a495e017de4c33e07f76b88587f10a12d1fee1c939df25057cc4695089b595c1fe095e8bc146bd3a5f4801a6ab9081ac15cce9
- SSDEEP
  
  3072:B0bfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCcOQ39cOaRr5ZGPVbOQ39cOaRr5ZO:BWepp3PJXCOGY3exOQ39cgOQ39cC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence