9fb5c5941ac3615ff7f1f702b7cfc9bd2a46aab08c7aeddb547820d186bb2779 | Triage

Sharing

General

Target

9fb5c5941ac3615ff7f1f702b7cfc9bd2a46aab08c7aeddb547820d186bb2779
Size

160KB
Sample

221107-zmjrxshaa8
MD5

0eaf778259f8ddf7e7bab519a736fde8
SHA1

60d3b0358c6e7284b4402136d1f5519d26b25192
SHA256

9fb5c5941ac3615ff7f1f702b7cfc9bd2a46aab08c7aeddb547820d186bb2779
SHA512

346c5b7349914acac3f119c623345221bbbeb95330a73ed840058d931bf0899e0d387579696d7715203a9f64a234e0d950fdac8ada9da6d475b820420c7741e6
SSDEEP

3072:/a5Xf+DxB95Fbr2IsJ03CwLYwR49hPLd3BzK02Swq4lV94oQZiE6Uf:C5v+DRbrTw03rLlR4PLnh7w1rvW4M

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9fb5c5941ac3615ff7f1f702b7cfc9bd2a46aab08c7aeddb547820d186bb2779
- Size
  
  160KB
- MD5
  
  0eaf778259f8ddf7e7bab519a736fde8
- SHA1
  
  60d3b0358c6e7284b4402136d1f5519d26b25192
- SHA256
  
  9fb5c5941ac3615ff7f1f702b7cfc9bd2a46aab08c7aeddb547820d186bb2779
- SHA512
  
  346c5b7349914acac3f119c623345221bbbeb95330a73ed840058d931bf0899e0d387579696d7715203a9f64a234e0d950fdac8ada9da6d475b820420c7741e6
- SSDEEP
  
  3072:/a5Xf+DxB95Fbr2IsJ03CwLYwR49hPLd3BzK02Swq4lV94oQZiE6Uf:C5v+DRbrTw03rLlR4PLnh7w1rvW4M
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence