b637eedc366522320a2ed97ec8a84bb0b314db257faa1c83581d756e0c7ef78b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b637eedc366522320a2ed97ec8a84bb0b314db257faa1c83581d756e0c7ef78b
Size

84KB
Sample

221030-jzrejaaef2
MD5

9396f5d3bf6c52d523425b09bb0d8670
SHA1

2e7ecfafd4559b7a55957f43a4b6802296367d4b
SHA256

b637eedc366522320a2ed97ec8a84bb0b314db257faa1c83581d756e0c7ef78b
SHA512

1985440ab5ba4b16c46ed0033a98ebda8284b9fea3db666765ce68eda055743f3b2de6806d188723014231ff3e7784699a02d5c090d9a93303da154b5738737c
SSDEEP

768:s9Whb6K4Fd6eUCRGIIPP1y7oLacaIBLP3nEZCcLX/CVSFJ0T72Uap5/7TON+7:shTFTUCxQ1a1ocTzFJ0T72VpF7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b637eedc366522320a2ed97ec8a84bb0b314db257faa1c83581d756e0c7ef78b
- Size
  
  84KB
- MD5
  
  9396f5d3bf6c52d523425b09bb0d8670
- SHA1
  
  2e7ecfafd4559b7a55957f43a4b6802296367d4b
- SHA256
  
  b637eedc366522320a2ed97ec8a84bb0b314db257faa1c83581d756e0c7ef78b
- SHA512
  
  1985440ab5ba4b16c46ed0033a98ebda8284b9fea3db666765ce68eda055743f3b2de6806d188723014231ff3e7784699a02d5c090d9a93303da154b5738737c
- SSDEEP
  
  768:s9Whb6K4Fd6eUCRGIIPP1y7oLacaIBLP3nEZCcLX/CVSFJ0T72Uap5/7TON+7:shTFTUCxQ1a1ocTzFJ0T72VpF7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence