593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e | Triage

Sharing

General

Target

593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e
Size

256KB
Sample

221030-yvjw8aggg7
MD5

920381bd0eb7ae3ec91c37c95713a008
SHA1

75eadb20c4ed4d9a5b7de85fd895b8e84975d2c8
SHA256

593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e
SHA512

38d3f39be30762ff89b60997671509676bcd7e486c697cd5985270a3f46a2e99b8f249a6ef1dac75f9473913a7d6dcf55eba2ae0a423cd469c7b85aaf2bbedda
SSDEEP

3072:k3ZVoe+Plp/nskpCUv5T79fzCC/M7BFsqMabeYiUDoZG/33ygot:yf2PlptNvl9fm0UBFsqMabeYiUDogvFg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e
- Size
  
  256KB
- MD5
  
  920381bd0eb7ae3ec91c37c95713a008
- SHA1
  
  75eadb20c4ed4d9a5b7de85fd895b8e84975d2c8
- SHA256
  
  593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e
- SHA512
  
  38d3f39be30762ff89b60997671509676bcd7e486c697cd5985270a3f46a2e99b8f249a6ef1dac75f9473913a7d6dcf55eba2ae0a423cd469c7b85aaf2bbedda
- SSDEEP
  
  3072:k3ZVoe+Plp/nskpCUv5T79fzCC/M7BFsqMabeYiUDoZG/33ygot:yf2PlptNvl9fm0UBFsqMabeYiUDogvFg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence