748ca7a52df4d102748c432d4edf427f28e8c5811af27c27d6f1f8a37724226e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

748ca7a52df4d102748c432d4edf427f28e8c5811af27c27d6f1f8a37724226e
Size

140KB
Sample

221107-y9jvrsgcg2
MD5

02ac71e924904bb78c32beb17724c020
SHA1

ab1cca368d8e020a12be9936f0d04d6e2440917c
SHA256

748ca7a52df4d102748c432d4edf427f28e8c5811af27c27d6f1f8a37724226e
SHA512

23fd2fe36d0678162607ac059fd79a29a802ba26d1615f129936365ce44ac473cf6a8e4b15d4c7d12d1a6e87d89cfe8f61f383a43c47679132412895ee328b87
SSDEEP

1536:evhYbgPtIzc5iZzz/4B9Nup9uXQYbceZ86rLJeUyUBMXJCXlCwC:OYLc5iZPQzjfbceZTxlLaoXU

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  748ca7a52df4d102748c432d4edf427f28e8c5811af27c27d6f1f8a37724226e
- Size
  
  140KB
- MD5
  
  02ac71e924904bb78c32beb17724c020
- SHA1
  
  ab1cca368d8e020a12be9936f0d04d6e2440917c
- SHA256
  
  748ca7a52df4d102748c432d4edf427f28e8c5811af27c27d6f1f8a37724226e
- SHA512
  
  23fd2fe36d0678162607ac059fd79a29a802ba26d1615f129936365ce44ac473cf6a8e4b15d4c7d12d1a6e87d89cfe8f61f383a43c47679132412895ee328b87
- SSDEEP
  
  1536:evhYbgPtIzc5iZzz/4B9Nup9uXQYbceZ86rLJeUyUBMXJCXlCwC:OYLc5iZPQzjfbceZTxlLaoXU
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence