117687e5eb7dda5fa66045b137e6a1c0c69d27538130209bcbcbc2fa005f4741 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

117687e5eb7dda5fa66045b137e6a1c0c69d27538130209bcbcbc2fa005f4741
Size

244KB
Sample

221107-t1kngsgaa6
MD5

04acf4ae415546aed487e9ae2a8e4b44
SHA1

83789ac41d9c5a36f334725c0ca3cb13990c3e97
SHA256

117687e5eb7dda5fa66045b137e6a1c0c69d27538130209bcbcbc2fa005f4741
SHA512

c1846b13b46571311be726b223f2de559e99351f49bc5ed0516e543b0531e22fc4e152ed069e8e3ce87e7e055bf06366925c93b40e1aa37c72b1a3cce925ae3c
SSDEEP

3072:bhPBd1sROnFQA5yIuSP9lqVinU3bp/PTm2moJ6BwA+GABMndgGHU:bhJdV7PnqVinU3bw2moJ6WAdgC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  117687e5eb7dda5fa66045b137e6a1c0c69d27538130209bcbcbc2fa005f4741
- Size
  
  244KB
- MD5
  
  04acf4ae415546aed487e9ae2a8e4b44
- SHA1
  
  83789ac41d9c5a36f334725c0ca3cb13990c3e97
- SHA256
  
  117687e5eb7dda5fa66045b137e6a1c0c69d27538130209bcbcbc2fa005f4741
- SHA512
  
  c1846b13b46571311be726b223f2de559e99351f49bc5ed0516e543b0531e22fc4e152ed069e8e3ce87e7e055bf06366925c93b40e1aa37c72b1a3cce925ae3c
- SSDEEP
  
  3072:bhPBd1sROnFQA5yIuSP9lqVinU3bp/PTm2moJ6BwA+GABMndgGHU:bhJdV7PnqVinU3bw2moJ6WAdgC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence