76b7f8f5c4e92c938d4a2ff504a52eb2ed5ee07c6879a4d80cf91f2c631a2bbf | Triage

Sharing

General

Target

76b7f8f5c4e92c938d4a2ff504a52eb2ed5ee07c6879a4d80cf91f2c631a2bbf
Size

320KB
Sample

221123-wsm5rafg5w
MD5

5965790c4d4f6f570563d9f658225450
SHA1

f9893bbe4d7337239481a250d41b68133b4892e9
SHA256

76b7f8f5c4e92c938d4a2ff504a52eb2ed5ee07c6879a4d80cf91f2c631a2bbf
SHA512

115d0014db59d8ffe990ca8b686e8cb12644626e1b657fd6f8b2b24ffc2b3703369b5c815cc8e8f2a37e9a48f974dd592ff6d491ccebc97ccbf2f1d8da035f80
SSDEEP

6144:CpHIcFeEK/fObT/bGibErxUyF+fmYYdPMAaiSeg:C5IcFeEK/fObT/bGiPo+eYYt/LSeg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  76b7f8f5c4e92c938d4a2ff504a52eb2ed5ee07c6879a4d80cf91f2c631a2bbf
- Size
  
  320KB
- MD5
  
  5965790c4d4f6f570563d9f658225450
- SHA1
  
  f9893bbe4d7337239481a250d41b68133b4892e9
- SHA256
  
  76b7f8f5c4e92c938d4a2ff504a52eb2ed5ee07c6879a4d80cf91f2c631a2bbf
- SHA512
  
  115d0014db59d8ffe990ca8b686e8cb12644626e1b657fd6f8b2b24ffc2b3703369b5c815cc8e8f2a37e9a48f974dd592ff6d491ccebc97ccbf2f1d8da035f80
- SSDEEP
  
  6144:CpHIcFeEK/fObT/bGibErxUyF+fmYYdPMAaiSeg:C5IcFeEK/fObT/bGiPo+eYYt/LSeg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence