1d134bb9a4b79a8749ac23355dcc574e51fa9e69e6844a2ae417dc1d36fdcb2a | Triage

Sharing

General

Target

1d134bb9a4b79a8749ac23355dcc574e51fa9e69e6844a2ae417dc1d36fdcb2a
Size

124KB
Sample

221107-zp6dpsbchm
MD5

0d11747739ec0a616c843aed85e1af20
SHA1

6a0f9a42365d0f91321c1926771656a10fed3851
SHA256

1d134bb9a4b79a8749ac23355dcc574e51fa9e69e6844a2ae417dc1d36fdcb2a
SHA512

d1d655becb745df6a727ab860e79cb92e97fd0afb512ba3aca94d3ba5a1298bebbfd0d52f31c8ec8e8486643192533d527f47413cc760da612df4df915a9559f
SSDEEP

1536:xMszX5YiMVhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:WGJYvhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1d134bb9a4b79a8749ac23355dcc574e51fa9e69e6844a2ae417dc1d36fdcb2a
- Size
  
  124KB
- MD5
  
  0d11747739ec0a616c843aed85e1af20
- SHA1
  
  6a0f9a42365d0f91321c1926771656a10fed3851
- SHA256
  
  1d134bb9a4b79a8749ac23355dcc574e51fa9e69e6844a2ae417dc1d36fdcb2a
- SHA512
  
  d1d655becb745df6a727ab860e79cb92e97fd0afb512ba3aca94d3ba5a1298bebbfd0d52f31c8ec8e8486643192533d527f47413cc760da612df4df915a9559f
- SSDEEP
  
  1536:xMszX5YiMVhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:WGJYvhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence