7d39687300a4e509f6a623ce3b72e4b8ec3dfb3b54cf6ac5f390d8253134705b | Triage

Sharing

General

Target

7d39687300a4e509f6a623ce3b72e4b8ec3dfb3b54cf6ac5f390d8253134705b
Size

244KB
Sample

221020-b79l3shdgm
MD5

807bf916f297d31f8dfa3c6ce294aa20
SHA1

0d583cd5b2469cea9c663630012a1997b842bc15
SHA256

7d39687300a4e509f6a623ce3b72e4b8ec3dfb3b54cf6ac5f390d8253134705b
SHA512

ba47c59c5161a9800caf0794113647abc53baa4a7f2fc3a0a1734ad9bc2fad8294f08621a85d48b2a451569967986629ebccd0d05f69bd88d8c949d14591ecac
SSDEEP

3072:wjvM4AOx/dMcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnjYIb:q050Fy1imdJgc4s2QRhH5IXV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7d39687300a4e509f6a623ce3b72e4b8ec3dfb3b54cf6ac5f390d8253134705b
- Size
  
  244KB
- MD5
  
  807bf916f297d31f8dfa3c6ce294aa20
- SHA1
  
  0d583cd5b2469cea9c663630012a1997b842bc15
- SHA256
  
  7d39687300a4e509f6a623ce3b72e4b8ec3dfb3b54cf6ac5f390d8253134705b
- SHA512
  
  ba47c59c5161a9800caf0794113647abc53baa4a7f2fc3a0a1734ad9bc2fad8294f08621a85d48b2a451569967986629ebccd0d05f69bd88d8c949d14591ecac
- SSDEEP
  
  3072:wjvM4AOx/dMcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnjYIb:q050Fy1imdJgc4s2QRhH5IXV
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence