374d02ccce53d16d5692b36b8d895a40370c85dbef5ceab4ec8ecb458e86c999 | Triage

Sharing

General

Target

374d02ccce53d16d5692b36b8d895a40370c85dbef5ceab4ec8ecb458e86c999
Size

128KB
Sample

221020-gte37sghh2
MD5

50954cf33dcf6ed2455f69a7bfc2b2b0
SHA1

3bcc6dfecf5f582aa4c47c1a24613005902f4fb9
SHA256

374d02ccce53d16d5692b36b8d895a40370c85dbef5ceab4ec8ecb458e86c999
SHA512

8fb585a6061810371a772c2f84f83deaa46580cb3f8113c45ca9a344dfd830ae5bf7f77d5ad15ed877e20f436a9609086ef5bcaf0c7406fe4830363aa6cffd43
SSDEEP

3072:1K4eaudVSbozooQMCl/zcMYNLFH9VNQ4bAKc0BDT0ARyPiPL:UVSboclMClLcMIxLNQ4sP0B33RyPi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  374d02ccce53d16d5692b36b8d895a40370c85dbef5ceab4ec8ecb458e86c999
- Size
  
  128KB
- MD5
  
  50954cf33dcf6ed2455f69a7bfc2b2b0
- SHA1
  
  3bcc6dfecf5f582aa4c47c1a24613005902f4fb9
- SHA256
  
  374d02ccce53d16d5692b36b8d895a40370c85dbef5ceab4ec8ecb458e86c999
- SHA512
  
  8fb585a6061810371a772c2f84f83deaa46580cb3f8113c45ca9a344dfd830ae5bf7f77d5ad15ed877e20f436a9609086ef5bcaf0c7406fe4830363aa6cffd43
- SSDEEP
  
  3072:1K4eaudVSbozooQMCl/zcMYNLFH9VNQ4bAKc0BDT0ARyPiPL:UVSboclMClLcMIxLNQ4sP0B33RyPi
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence