5f42cf2e7c1a16fbca6f303619c4608a0b61d2303f0fbf872a9bdff054382af3 | Triage

Sharing

General

Target

5f42cf2e7c1a16fbca6f303619c4608a0b61d2303f0fbf872a9bdff054382af3
Size

140KB
Sample

221123-tekrcsgh6z
MD5

5c6eb56fcd6cd24f8cb820204baeb920
SHA1

a6a77e7b22816b91e035bbed4bc98c12b0b2ae82
SHA256

5f42cf2e7c1a16fbca6f303619c4608a0b61d2303f0fbf872a9bdff054382af3
SHA512

35a08192c7672ead6b607a9b9439929338ef478670200bd1e87de198e913bdc6b7b98461ad84c5bcd73086267c85f304c67c3b92f8205f9086742be9d13d3e11
SSDEEP

3072:U9Pc7FuHCxABX562J7fT4PE6fUneYkLpE6H94oQZiENngW:jFufBJ1J7f8z9SOWzx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5f42cf2e7c1a16fbca6f303619c4608a0b61d2303f0fbf872a9bdff054382af3
- Size
  
  140KB
- MD5
  
  5c6eb56fcd6cd24f8cb820204baeb920
- SHA1
  
  a6a77e7b22816b91e035bbed4bc98c12b0b2ae82
- SHA256
  
  5f42cf2e7c1a16fbca6f303619c4608a0b61d2303f0fbf872a9bdff054382af3
- SHA512
  
  35a08192c7672ead6b607a9b9439929338ef478670200bd1e87de198e913bdc6b7b98461ad84c5bcd73086267c85f304c67c3b92f8205f9086742be9d13d3e11
- SSDEEP
  
  3072:U9Pc7FuHCxABX562J7fT4PE6fUneYkLpE6H94oQZiENngW:jFufBJ1J7f8z9SOWzx
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence