f7bb9bd670d09f4dcc0e221f957f6da74b29d1bc6279873b810652473718ae79 | Triage

Sharing

General

Target

f7bb9bd670d09f4dcc0e221f957f6da74b29d1bc6279873b810652473718ae79
Size

132KB
Sample

221020-bwrbcsgfh4
MD5

8153d9f70aca4cd4d9046cb044b2e77b
SHA1

a67ba3e556c30ca1e9c503d4c61a4ea4505f4887
SHA256

f7bb9bd670d09f4dcc0e221f957f6da74b29d1bc6279873b810652473718ae79
SHA512

628f566d1351fb0b5d4637c6aa0af35f36820801ec446c78ee4ae437297af494d54cd4cec01a7ced867fc7bf1a6880678524568e0c0598da8f20e760845c83ce
SSDEEP

1536:PLdL3uUIIKZrDJZ3JuIuRWIelOQ212I/6jDSUaWpEEHCjP4YTyrhQHy4kt6x:5yz8IuRrjWmEiyrhay6x

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f7bb9bd670d09f4dcc0e221f957f6da74b29d1bc6279873b810652473718ae79
- Size
  
  132KB
- MD5
  
  8153d9f70aca4cd4d9046cb044b2e77b
- SHA1
  
  a67ba3e556c30ca1e9c503d4c61a4ea4505f4887
- SHA256
  
  f7bb9bd670d09f4dcc0e221f957f6da74b29d1bc6279873b810652473718ae79
- SHA512
  
  628f566d1351fb0b5d4637c6aa0af35f36820801ec446c78ee4ae437297af494d54cd4cec01a7ced867fc7bf1a6880678524568e0c0598da8f20e760845c83ce
- SSDEEP
  
  1536:PLdL3uUIIKZrDJZ3JuIuRWIelOQ212I/6jDSUaWpEEHCjP4YTyrhQHy4kt6x:5yz8IuRrjWmEiyrhay6x
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence