7f3a5d89cabb8cb6a5954d175ec66cbd48391fcd3b628ac53d5af409428a8925 | Triage

Sharing

General

Target

7f3a5d89cabb8cb6a5954d175ec66cbd48391fcd3b628ac53d5af409428a8925
Size

292KB
Sample

221123-vdrc7agg26
MD5

451383b8da4b56ce325015420e63f7f0
SHA1

0bea16f07b32750348c0610595d59c69e2192a7c
SHA256

7f3a5d89cabb8cb6a5954d175ec66cbd48391fcd3b628ac53d5af409428a8925
SHA512

31e37e99ed3b7f3ebc646d438f86c28f08170cf33489ac2e2f969d2999d342922b1528bdfb8315f216c341b92188294ab25527348cea42fe0c63f7ae88980867
SSDEEP

6144:CaczcnqtrZjQCBBvfmge2uXOyDDaX66UEbuGHAceNEFKLrLRKD7ucfnxh4B7yCJY:Ca7nqtti9K5CooEeOnioN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7f3a5d89cabb8cb6a5954d175ec66cbd48391fcd3b628ac53d5af409428a8925
- Size
  
  292KB
- MD5
  
  451383b8da4b56ce325015420e63f7f0
- SHA1
  
  0bea16f07b32750348c0610595d59c69e2192a7c
- SHA256
  
  7f3a5d89cabb8cb6a5954d175ec66cbd48391fcd3b628ac53d5af409428a8925
- SHA512
  
  31e37e99ed3b7f3ebc646d438f86c28f08170cf33489ac2e2f969d2999d342922b1528bdfb8315f216c341b92188294ab25527348cea42fe0c63f7ae88980867
- SSDEEP
  
  6144:CaczcnqtrZjQCBBvfmge2uXOyDDaX66UEbuGHAceNEFKLrLRKD7ucfnxh4B7yCJY:Ca7nqtti9K5CooEeOnioN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence