73fa429d1f9d8d6c8b019fb8988b1b853df194aefe8bd1461c83c815d8addcb0 | Triage

Sharing

General

Target

73fa429d1f9d8d6c8b019fb8988b1b853df194aefe8bd1461c83c815d8addcb0
Size

212KB
Sample

221124-al8xzseg75
MD5

187fbb77103a8daf0bd9f8e0ad3e6a80
SHA1

e0bcb7e771c4e0314ea1e6edb1e500eb166ea8b9
SHA256

73fa429d1f9d8d6c8b019fb8988b1b853df194aefe8bd1461c83c815d8addcb0
SHA512

6a7616b966699859a4042103c68c1cdc23438c95f0986be64f9a8a68e6545f496e724c365b6999f8db090f02478a51c912313d4918750fa313d88ad97b29b46b
SSDEEP

6144:ep4VqIrqJQNbufrI4ukDnx/8vtvwzsmMAEu3Wev5kBirl87VFt6En9x7Xf7oufax:ep4zmGbMrI4ukDnx/8vtvwzsmMAEGHv9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  73fa429d1f9d8d6c8b019fb8988b1b853df194aefe8bd1461c83c815d8addcb0
- Size
  
  212KB
- MD5
  
  187fbb77103a8daf0bd9f8e0ad3e6a80
- SHA1
  
  e0bcb7e771c4e0314ea1e6edb1e500eb166ea8b9
- SHA256
  
  73fa429d1f9d8d6c8b019fb8988b1b853df194aefe8bd1461c83c815d8addcb0
- SHA512
  
  6a7616b966699859a4042103c68c1cdc23438c95f0986be64f9a8a68e6545f496e724c365b6999f8db090f02478a51c912313d4918750fa313d88ad97b29b46b
- SSDEEP
  
  6144:ep4VqIrqJQNbufrI4ukDnx/8vtvwzsmMAEu3Wev5kBirl87VFt6En9x7Xf7oufax:ep4zmGbMrI4ukDnx/8vtvwzsmMAEGHv9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence