3722255efbce29df84d1b0d3a124575bca56e3467ed3ce1ee5571b7fd44c9289 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3722255efbce29df84d1b0d3a124575bca56e3467ed3ce1ee5571b7fd44c9289
Size

160KB
Sample

221029-ts6wraeffk
MD5

83c8e201413515d9b62da74d9c927590
SHA1

3471bbe169ce59f8013746fc0fc967bb6ea62574
SHA256

3722255efbce29df84d1b0d3a124575bca56e3467ed3ce1ee5571b7fd44c9289
SHA512

abc965e4b30da9efdea8e0ff811af07e3a6b4ab7e4b85fdb8e237809e81c7db06924ed6f69b873e3e86e446e1e596715ad25053befc61467fb1d9a604212e61c
SSDEEP

3072:eGzsrB6oe5g+GwJs8K9YUoIrJaRuSZ/JlQPj/PYv2wM0B2vmkHgHAGFAhl4oQZi3:eGwrnP9YErMRuSZ/JlQLHYv2PvzGAMAb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3722255efbce29df84d1b0d3a124575bca56e3467ed3ce1ee5571b7fd44c9289
- Size
  
  160KB
- MD5
  
  83c8e201413515d9b62da74d9c927590
- SHA1
  
  3471bbe169ce59f8013746fc0fc967bb6ea62574
- SHA256
  
  3722255efbce29df84d1b0d3a124575bca56e3467ed3ce1ee5571b7fd44c9289
- SHA512
  
  abc965e4b30da9efdea8e0ff811af07e3a6b4ab7e4b85fdb8e237809e81c7db06924ed6f69b873e3e86e446e1e596715ad25053befc61467fb1d9a604212e61c
- SSDEEP
  
  3072:eGzsrB6oe5g+GwJs8K9YUoIrJaRuSZ/JlQPj/PYv2wM0B2vmkHgHAGFAhl4oQZi3:eGwrnP9YErMRuSZ/JlQLHYv2PvzGAMAb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence