5b27d556e204bc00926f861996609857c1a71eba1ca49e7c044d39822657f7b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b27d556e204bc00926f861996609857c1a71eba1ca49e7c044d39822657f7b6
Size

188KB
Sample

221029-tpq15aeebq
MD5

844a41cb09f43b619cc6fd17f4a52f10
SHA1

1955af939454530b2c353be68ee2cee827be1eb8
SHA256

5b27d556e204bc00926f861996609857c1a71eba1ca49e7c044d39822657f7b6
SHA512

c2768efb17812d407a4b2425502340c3b064ef09641162634cccab73ff955e795b54d352ac88a410a21d60bc8a7661f2a35e2b86c7dc3a5b6eebb179255e1f88
SSDEEP

3072:9cJc5x2DZhv8yapZIvcFeqoSeaX/m7bfTWan9LxJ8DJOpPVKuqmqTgwa9MTXK6SM:4coZhvzWevcFe/aX/m7bfTWan9lJ8DJP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5b27d556e204bc00926f861996609857c1a71eba1ca49e7c044d39822657f7b6
- Size
  
  188KB
- MD5
  
  844a41cb09f43b619cc6fd17f4a52f10
- SHA1
  
  1955af939454530b2c353be68ee2cee827be1eb8
- SHA256
  
  5b27d556e204bc00926f861996609857c1a71eba1ca49e7c044d39822657f7b6
- SHA512
  
  c2768efb17812d407a4b2425502340c3b064ef09641162634cccab73ff955e795b54d352ac88a410a21d60bc8a7661f2a35e2b86c7dc3a5b6eebb179255e1f88
- SSDEEP
  
  3072:9cJc5x2DZhv8yapZIvcFeqoSeaX/m7bfTWan9LxJ8DJOpPVKuqmqTgwa9MTXK6SM:4coZhvzWevcFe/aX/m7bfTWan9lJ8DJP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence