913205e50d037713c0ac4db4e0cda3a947d32ad9e5b843a95e92d91c3604ec29 | Triage

Sharing

General

Target

913205e50d037713c0ac4db4e0cda3a947d32ad9e5b843a95e92d91c3604ec29
Size

148KB
Sample

221030-yp65kageg5
MD5

90b16aa6dbd4a6988ca06e42d47134d0
SHA1

a34b6aae1500be3a0fa60729a07234ca50ed5e73
SHA256

913205e50d037713c0ac4db4e0cda3a947d32ad9e5b843a95e92d91c3604ec29
SHA512

f99ca575a145a641c1b1de121989602a36fc4ccc140c1079ee4ac5a6cdb4324b3b43523718ec4fa30a89eda63510a352a58d88cbff8e1a597470885dcbd59035
SSDEEP

1536:36Eg5299tyVQO8P8ychlMybwjj3RJNEo/knRzdnynE7RldNEP8lijOephNIjn:qE/9elychkzR3Ek65RldqphCn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  913205e50d037713c0ac4db4e0cda3a947d32ad9e5b843a95e92d91c3604ec29
- Size
  
  148KB
- MD5
  
  90b16aa6dbd4a6988ca06e42d47134d0
- SHA1
  
  a34b6aae1500be3a0fa60729a07234ca50ed5e73
- SHA256
  
  913205e50d037713c0ac4db4e0cda3a947d32ad9e5b843a95e92d91c3604ec29
- SHA512
  
  f99ca575a145a641c1b1de121989602a36fc4ccc140c1079ee4ac5a6cdb4324b3b43523718ec4fa30a89eda63510a352a58d88cbff8e1a597470885dcbd59035
- SSDEEP
  
  1536:36Eg5299tyVQO8P8ychlMybwjj3RJNEo/knRzdnynE7RldNEP8lijOephNIjn:qE/9elychkzR3Ek65RldqphCn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence