40e1d1d5c9cf760c8c84d6d1283b71dd8d281cde0fcf041ad779df681140f834 | Triage

Sharing

General

Target

40e1d1d5c9cf760c8c84d6d1283b71dd8d281cde0fcf041ad779df681140f834
Size

320KB
Sample

221123-xjaczafb49
MD5

5eb493f8d0d17a70eef7609e92ec1e08
SHA1

352951067a8ec59a5c25db4b82369a4ee366f8e0
SHA256

40e1d1d5c9cf760c8c84d6d1283b71dd8d281cde0fcf041ad779df681140f834
SHA512

38662b27824328ff59e63ddcf5a26fe954f7a5b4f4d2a3a94514ccbab1d59b6b69dfd9ea5c3587285d168aa87c0de521fe35b98dccce8294f817121625de1237
SSDEEP

6144:mLXiGKI//d8xgN3+E9xz3DfQr1w2O6EU02DPp9nrg5G35aJevhRGGhfZkEscw0Lc:oKg9+EDEnhtHAJevHsEscw0Lcqk

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  40e1d1d5c9cf760c8c84d6d1283b71dd8d281cde0fcf041ad779df681140f834
- Size
  
  320KB
- MD5
  
  5eb493f8d0d17a70eef7609e92ec1e08
- SHA1
  
  352951067a8ec59a5c25db4b82369a4ee366f8e0
- SHA256
  
  40e1d1d5c9cf760c8c84d6d1283b71dd8d281cde0fcf041ad779df681140f834
- SHA512
  
  38662b27824328ff59e63ddcf5a26fe954f7a5b4f4d2a3a94514ccbab1d59b6b69dfd9ea5c3587285d168aa87c0de521fe35b98dccce8294f817121625de1237
- SSDEEP
  
  6144:mLXiGKI//d8xgN3+E9xz3DfQr1w2O6EU02DPp9nrg5G35aJevhRGGhfZkEscw0Lc:oKg9+EDEnhtHAJevHsEscw0Lcqk
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence