d9058e7938848ee7b1a9cc2c64aa9f8bd5544ec40ebca99b431f024f75d00142 | Triage

Sharing

General

Target

d9058e7938848ee7b1a9cc2c64aa9f8bd5544ec40ebca99b431f024f75d00142
Size

252KB
Sample

221030-yxxabshhgj
MD5

90fb06de05bf7ed8acdfdaa604027a00
SHA1

5204381e087c39a20bb250bcb7b0ac4c421f2f5d
SHA256

d9058e7938848ee7b1a9cc2c64aa9f8bd5544ec40ebca99b431f024f75d00142
SHA512

9548bc2edf046091fcceeadb98e8713fd1ee654de4f5815064884dfd8b3eeaa1eb301387a98446d8f4103d3e0f4c46eeb57ce546c9cc7532d2cfecba6f375209
SSDEEP

3072:VrAcZx7LalesWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKtj1D:VrFFx/ZLA4PmG6d9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d9058e7938848ee7b1a9cc2c64aa9f8bd5544ec40ebca99b431f024f75d00142
- Size
  
  252KB
- MD5
  
  90fb06de05bf7ed8acdfdaa604027a00
- SHA1
  
  5204381e087c39a20bb250bcb7b0ac4c421f2f5d
- SHA256
  
  d9058e7938848ee7b1a9cc2c64aa9f8bd5544ec40ebca99b431f024f75d00142
- SHA512
  
  9548bc2edf046091fcceeadb98e8713fd1ee654de4f5815064884dfd8b3eeaa1eb301387a98446d8f4103d3e0f4c46eeb57ce546c9cc7532d2cfecba6f375209
- SSDEEP
  
  3072:VrAcZx7LalesWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKtj1D:VrFFx/ZLA4PmG6d9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence