a76862ef9b537d0fe83e592c14f34cd913ca32e02e02004be0ce35ea2730dcf0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a76862ef9b537d0fe83e592c14f34cd913ca32e02e02004be0ce35ea2730dcf0
Size

272KB
Sample

221030-yfx6asgah2
MD5

91548dbca7f0de3e45fc8947dfe69ae0
SHA1

d46d30be93b0aaf0c814ee816d26edf86a675038
SHA256

a76862ef9b537d0fe83e592c14f34cd913ca32e02e02004be0ce35ea2730dcf0
SHA512

2e6c35014a47ab0c1ca4362da4093f149d4fd297563dd704ead533c7caee8c98444be82b11d5677dbe851c570dff71bfd5bd406ba2c2ee7ccabb8930c3a98dc8
SSDEEP

3072:I4H9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA31j:B+vbfznH7O9G/PLLxU3YwgT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a76862ef9b537d0fe83e592c14f34cd913ca32e02e02004be0ce35ea2730dcf0
- Size
  
  272KB
- MD5
  
  91548dbca7f0de3e45fc8947dfe69ae0
- SHA1
  
  d46d30be93b0aaf0c814ee816d26edf86a675038
- SHA256
  
  a76862ef9b537d0fe83e592c14f34cd913ca32e02e02004be0ce35ea2730dcf0
- SHA512
  
  2e6c35014a47ab0c1ca4362da4093f149d4fd297563dd704ead533c7caee8c98444be82b11d5677dbe851c570dff71bfd5bd406ba2c2ee7ccabb8930c3a98dc8
- SSDEEP
  
  3072:I4H9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA31j:B+vbfznH7O9G/PLLxU3YwgT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence