f63a7a8e72acd2be17a382c93a86abe891756f421f856918b31faaeb03aa3662 | Triage

Sharing

General

Target

f63a7a8e72acd2be17a382c93a86abe891756f421f856918b31faaeb03aa3662
Size

176KB
Sample

221107-w3jv3sebfk
MD5

0d90878e9045e5be441a9f3d20f29b6e
SHA1

864bf947a5b3b1a7e5f9b2215199ef21bb600e2d
SHA256

f63a7a8e72acd2be17a382c93a86abe891756f421f856918b31faaeb03aa3662
SHA512

cc56bcd683dd444192941b7ac3d74fba0e3dfb689b6c761663b6afae6b70d290ea7b301fb9da1b4e7ef2d006c8dae0d4ee7f605764ba909b52500e0ae2ebe595
SSDEEP

3072:Dhh8C/nROzg7iiwJvXZETcbLn67kLpyRurohZbsn4KhWNUzMzGV5/bBD3ynrul1y:Vh7YU7iiwJvXZETcbLn6YLProhZbsn47

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f63a7a8e72acd2be17a382c93a86abe891756f421f856918b31faaeb03aa3662
- Size
  
  176KB
- MD5
  
  0d90878e9045e5be441a9f3d20f29b6e
- SHA1
  
  864bf947a5b3b1a7e5f9b2215199ef21bb600e2d
- SHA256
  
  f63a7a8e72acd2be17a382c93a86abe891756f421f856918b31faaeb03aa3662
- SHA512
  
  cc56bcd683dd444192941b7ac3d74fba0e3dfb689b6c761663b6afae6b70d290ea7b301fb9da1b4e7ef2d006c8dae0d4ee7f605764ba909b52500e0ae2ebe595
- SSDEEP
  
  3072:Dhh8C/nROzg7iiwJvXZETcbLn67kLpyRurohZbsn4KhWNUzMzGV5/bBD3ynrul1y:Vh7YU7iiwJvXZETcbLn6YLProhZbsn47
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence