73b479058a9f48d750487ee0a19e25a7f6f965cd238b07e766492433b5113d54 | Triage

Sharing

General

Target

73b479058a9f48d750487ee0a19e25a7f6f965cd238b07e766492433b5113d54
Size

216KB
Sample

221106-sn1y9sbaep
MD5

07a440615246e3830f4697f95c75ccf9
SHA1

a2650982167776beca84455fdcc6a13cb340d82e
SHA256

73b479058a9f48d750487ee0a19e25a7f6f965cd238b07e766492433b5113d54
SHA512

6c1e74b2797518d125dad2a27b0508d8003668a2898d63f99a0288d5d6db0348a4b1b3ca6dbd6b412f966a5a536f51b2875a7b7be1d5417319a8d74a87c413bb
SSDEEP

1536:H2JfHuJJLdJaB0reFl0QuWe305Xrud/WSAumJ30h+3jE/gNlh1/7ND7zDT6WkX0I:Wa7ammjuwuquEh1jNJkX0CLijNX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  73b479058a9f48d750487ee0a19e25a7f6f965cd238b07e766492433b5113d54
- Size
  
  216KB
- MD5
  
  07a440615246e3830f4697f95c75ccf9
- SHA1
  
  a2650982167776beca84455fdcc6a13cb340d82e
- SHA256
  
  73b479058a9f48d750487ee0a19e25a7f6f965cd238b07e766492433b5113d54
- SHA512
  
  6c1e74b2797518d125dad2a27b0508d8003668a2898d63f99a0288d5d6db0348a4b1b3ca6dbd6b412f966a5a536f51b2875a7b7be1d5417319a8d74a87c413bb
- SSDEEP
  
  1536:H2JfHuJJLdJaB0reFl0QuWe305Xrud/WSAumJ30h+3jE/gNlh1/7ND7zDT6WkX0I:Wa7ammjuwuquEh1jNJkX0CLijNX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence