73a7cefe584655a547a42fc55846ad704e15cf8829b25fd41f36d5c5bcd5f502 | Triage

Sharing

General

Target

73a7cefe584655a547a42fc55846ad704e15cf8829b25fd41f36d5c5bcd5f502
Size

224KB
Sample

221124-alswrseg48
MD5

173d587752501adc66abc51591ddd7b0
SHA1

c3e4fcbebb3f54093ef225e8bf27b8c6a6bc7079
SHA256

73a7cefe584655a547a42fc55846ad704e15cf8829b25fd41f36d5c5bcd5f502
SHA512

27ceac3c9b575bc043293061baa2a412182149744c4ab72cd0e4c28fd8d1b9b8326320bf48d078b60de5d7ff1ffd70664206c89279603f8d42193b5fe0b7b059
SSDEEP

3072:RXyqNsMoBuBoZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax26:gqN5BMp4LnbmlrZW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  73a7cefe584655a547a42fc55846ad704e15cf8829b25fd41f36d5c5bcd5f502
- Size
  
  224KB
- MD5
  
  173d587752501adc66abc51591ddd7b0
- SHA1
  
  c3e4fcbebb3f54093ef225e8bf27b8c6a6bc7079
- SHA256
  
  73a7cefe584655a547a42fc55846ad704e15cf8829b25fd41f36d5c5bcd5f502
- SHA512
  
  27ceac3c9b575bc043293061baa2a412182149744c4ab72cd0e4c28fd8d1b9b8326320bf48d078b60de5d7ff1ffd70664206c89279603f8d42193b5fe0b7b059
- SSDEEP
  
  3072:RXyqNsMoBuBoZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax26:gqN5BMp4LnbmlrZW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence