24f3adbebc1505f597304dccb857c971fbdd80dfd193b023128cf4b6321312bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24f3adbebc1505f597304dccb857c971fbdd80dfd193b023128cf4b6321312bc
Size

284KB
Sample

221030-alhqssdbc7
MD5

9387b679b6e38da2b115a2998aa3ae90
SHA1

99333ddb72cfbcb7703eb84cc0d882d1bfb742ce
SHA256

24f3adbebc1505f597304dccb857c971fbdd80dfd193b023128cf4b6321312bc
SHA512

d43dde14a0fbb41e8385de1741d57e697d31d2500ff5a574a7cfed5d471a2b32bde96482d1ecc912fa6f54726936e5ffe2dc41ad0a33dcbc9b86e0b587aca96d
SSDEEP

3072:y0A2afa1jbn4DpS41Zr8EbjfmNwXl1RgxfGDP8F2dqMOkeuF7SzomBXZu:Ray1jz4Dp7R8cA0l1RpLtJj7SkKw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  24f3adbebc1505f597304dccb857c971fbdd80dfd193b023128cf4b6321312bc
- Size
  
  284KB
- MD5
  
  9387b679b6e38da2b115a2998aa3ae90
- SHA1
  
  99333ddb72cfbcb7703eb84cc0d882d1bfb742ce
- SHA256
  
  24f3adbebc1505f597304dccb857c971fbdd80dfd193b023128cf4b6321312bc
- SHA512
  
  d43dde14a0fbb41e8385de1741d57e697d31d2500ff5a574a7cfed5d471a2b32bde96482d1ecc912fa6f54726936e5ffe2dc41ad0a33dcbc9b86e0b587aca96d
- SSDEEP
  
  3072:y0A2afa1jbn4DpS41Zr8EbjfmNwXl1RgxfGDP8F2dqMOkeuF7SzomBXZu:Ray1jz4Dp7R8cA0l1RpLtJj7SkKw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence