797a307f0cea4302054316eddf9e5efb3a1521d466cf27c2af742bf43432e348 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

797a307f0cea4302054316eddf9e5efb3a1521d466cf27c2af742bf43432e348
Size

208KB
Sample

221107-t26bksgaf9
MD5

0f49d4b400d247f3d86b8a680b5f47d6
SHA1

e1379a4d74fddac348037b1e2ee60126a93c07b7
SHA256

797a307f0cea4302054316eddf9e5efb3a1521d466cf27c2af742bf43432e348
SHA512

90c40699d0b9dfb1cbe7b2b5d0d5a5f7dcc5f2ea2cc3e999d088a387017e89f1109838e06789d4b06542ba10053858f177e690645c79e9966a93289e1c043905
SSDEEP

6144:UeDlWZrQ+ONFDTIvgte8R2rHFllXgDMWd65QXoHqxVDTG/r1pAa+/mf2X+Axi4:UeRWZrQ+ONFDTIvgte8R2rHFllXgDMWv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  797a307f0cea4302054316eddf9e5efb3a1521d466cf27c2af742bf43432e348
- Size
  
  208KB
- MD5
  
  0f49d4b400d247f3d86b8a680b5f47d6
- SHA1
  
  e1379a4d74fddac348037b1e2ee60126a93c07b7
- SHA256
  
  797a307f0cea4302054316eddf9e5efb3a1521d466cf27c2af742bf43432e348
- SHA512
  
  90c40699d0b9dfb1cbe7b2b5d0d5a5f7dcc5f2ea2cc3e999d088a387017e89f1109838e06789d4b06542ba10053858f177e690645c79e9966a93289e1c043905
- SSDEEP
  
  6144:UeDlWZrQ+ONFDTIvgte8R2rHFllXgDMWd65QXoHqxVDTG/r1pAa+/mf2X+Axi4:UeRWZrQ+ONFDTIvgte8R2rHFllXgDMWv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence