87a021a7cc44852cab8228cbcf835971c21728c309e613f38737b5e4c9f1ae4d | Triage

Sharing

General

Target

87a021a7cc44852cab8228cbcf835971c21728c309e613f38737b5e4c9f1ae4d
Size

188KB
Sample

221124-akp4gsef68
MD5

34fef6065be5ae014a135816e5c029e0
SHA1

260b1faab253b6f310fa65371e08225873c11280
SHA256

87a021a7cc44852cab8228cbcf835971c21728c309e613f38737b5e4c9f1ae4d
SHA512

e950dc828575edba101062f79f066e0e93e3283babfa7761e11b9559a907112495a1369c93a6900af00e66a2807131ac43ed3d866186a130a42956e4e8dcec60
SSDEEP

3072:5CbOetokrGwkAjpWn1KG912QXXU+EnHsRPaVh4oQZiEVwiJ:52GdwkGG9ggkMRPaJWJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  87a021a7cc44852cab8228cbcf835971c21728c309e613f38737b5e4c9f1ae4d
- Size
  
  188KB
- MD5
  
  34fef6065be5ae014a135816e5c029e0
- SHA1
  
  260b1faab253b6f310fa65371e08225873c11280
- SHA256
  
  87a021a7cc44852cab8228cbcf835971c21728c309e613f38737b5e4c9f1ae4d
- SHA512
  
  e950dc828575edba101062f79f066e0e93e3283babfa7761e11b9559a907112495a1369c93a6900af00e66a2807131ac43ed3d866186a130a42956e4e8dcec60
- SSDEEP
  
  3072:5CbOetokrGwkAjpWn1KG912QXXU+EnHsRPaVh4oQZiEVwiJ:52GdwkGG9ggkMRPaJWJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence