6795321acee57d831316d0af76fb9ba52b41575ea0092a835fdae235ca420866 | Triage

Sharing

General

Target

6795321acee57d831316d0af76fb9ba52b41575ea0092a835fdae235ca420866
Size

135KB
Sample

221123-xf825aeh85
MD5

041ab83aee312c75d6fae5c8c45ef590
SHA1

2bcdc73be4ea53dec47e6805cb11a7f30fb15563
SHA256

6795321acee57d831316d0af76fb9ba52b41575ea0092a835fdae235ca420866
SHA512

f1c89108a18631aac7054f2af4f0d4918b784a3c6aa116acff0fcd163a7acb7bfdc6f1221f5e7e1058932022f99ade126748fd2ce25844c326effb3cfa258c7e
SSDEEP

3072:Qm7PefLUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLu:tHoIDbByGPMsMP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6795321acee57d831316d0af76fb9ba52b41575ea0092a835fdae235ca420866
- Size
  
  135KB
- MD5
  
  041ab83aee312c75d6fae5c8c45ef590
- SHA1
  
  2bcdc73be4ea53dec47e6805cb11a7f30fb15563
- SHA256
  
  6795321acee57d831316d0af76fb9ba52b41575ea0092a835fdae235ca420866
- SHA512
  
  f1c89108a18631aac7054f2af4f0d4918b784a3c6aa116acff0fcd163a7acb7bfdc6f1221f5e7e1058932022f99ade126748fd2ce25844c326effb3cfa258c7e
- SSDEEP
  
  3072:Qm7PefLUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLu:tHoIDbByGPMsMP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence