2799778849171380b3b02404d22df54924fa79567fe3a34d3a9777154b8762e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2799778849171380b3b02404d22df54924fa79567fe3a34d3a9777154b8762e6
Size

240KB
Sample

221020-meersahec9
MD5

9039b2c80b27ac31aedb7f2cf96f38a0
SHA1

35fba18b405276e53e608580fc79107a7d2bd648
SHA256

2799778849171380b3b02404d22df54924fa79567fe3a34d3a9777154b8762e6
SHA512

5039dc8b8e1f22de9023346767e78e7b17427c734ff7a4d2ce9885cccd721c438a245b3208ae658139835f5416660d31be1ace84d9c38144f67b26ca41752a0a
SSDEEP

6144:MOjFThz+4OAY0kmg7JXKj4vxim1EHlXnJJIyMAf5W/SbDHeIuy0bIA:rrz+4OAY0kmg7JXKoyMAf5W/SbCIXWt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2799778849171380b3b02404d22df54924fa79567fe3a34d3a9777154b8762e6
- Size
  
  240KB
- MD5
  
  9039b2c80b27ac31aedb7f2cf96f38a0
- SHA1
  
  35fba18b405276e53e608580fc79107a7d2bd648
- SHA256
  
  2799778849171380b3b02404d22df54924fa79567fe3a34d3a9777154b8762e6
- SHA512
  
  5039dc8b8e1f22de9023346767e78e7b17427c734ff7a4d2ce9885cccd721c438a245b3208ae658139835f5416660d31be1ace84d9c38144f67b26ca41752a0a
- SSDEEP
  
  6144:MOjFThz+4OAY0kmg7JXKj4vxim1EHlXnJJIyMAf5W/SbDHeIuy0bIA:rrz+4OAY0kmg7JXKoyMAf5W/SbCIXWt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence