3d39e48c0c93c6e8be50793088b64dda9795a9f431c0e674e3c8c95c386a304f | Triage

Sharing

General

Target

3d39e48c0c93c6e8be50793088b64dda9795a9f431c0e674e3c8c95c386a304f
Size

224KB
Sample

221124-alwmnaeg55
MD5

15f5f3242e21413b330fefe9f6af247a
SHA1

b28e3732622559afe23d13a14a86a17d3e855e49
SHA256

3d39e48c0c93c6e8be50793088b64dda9795a9f431c0e674e3c8c95c386a304f
SHA512

54b75b4615531beb163d62e9ee14c902a37d96b21255f6f423f9020c3879e8fc81164910c0ebfd4e2608a2a22d1bae885f2737f548188e16260277e00ca3559c
SSDEEP

3072:kXyqNsMoBuBiZ8ZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUba9:7qN5Iep4LnbmlrZW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3d39e48c0c93c6e8be50793088b64dda9795a9f431c0e674e3c8c95c386a304f
- Size
  
  224KB
- MD5
  
  15f5f3242e21413b330fefe9f6af247a
- SHA1
  
  b28e3732622559afe23d13a14a86a17d3e855e49
- SHA256
  
  3d39e48c0c93c6e8be50793088b64dda9795a9f431c0e674e3c8c95c386a304f
- SHA512
  
  54b75b4615531beb163d62e9ee14c902a37d96b21255f6f423f9020c3879e8fc81164910c0ebfd4e2608a2a22d1bae885f2737f548188e16260277e00ca3559c
- SSDEEP
  
  3072:kXyqNsMoBuBiZ8ZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUba9:7qN5Iep4LnbmlrZW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence