1df742e1dc34bfdc71835555238e4be59d858b7c0615f9ec0e33de19f25b9106 | Triage

Sharing

General

Target

1df742e1dc34bfdc71835555238e4be59d858b7c0615f9ec0e33de19f25b9106
Size

224KB
Sample

221124-alyf9aeg58
MD5

285300291a971302cdc3a2f44bb525bc
SHA1

51509fbc064807dca793981b24c055bcb4e41299
SHA256

1df742e1dc34bfdc71835555238e4be59d858b7c0615f9ec0e33de19f25b9106
SHA512

11d350125157863665f1f3257e065c29e0c5d1a2cb2399d0a90742afd1991e398c0ceaa8e7e9c530a2e22f2a8c815937a2757336465cb08963190e8612d5349f
SSDEEP

3072:xXyqNsMoBu+ZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:AqN5Op4LnbmlrZW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1df742e1dc34bfdc71835555238e4be59d858b7c0615f9ec0e33de19f25b9106
- Size
  
  224KB
- MD5
  
  285300291a971302cdc3a2f44bb525bc
- SHA1
  
  51509fbc064807dca793981b24c055bcb4e41299
- SHA256
  
  1df742e1dc34bfdc71835555238e4be59d858b7c0615f9ec0e33de19f25b9106
- SHA512
  
  11d350125157863665f1f3257e065c29e0c5d1a2cb2399d0a90742afd1991e398c0ceaa8e7e9c530a2e22f2a8c815937a2757336465cb08963190e8612d5349f
- SSDEEP
  
  3072:xXyqNsMoBu+ZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:AqN5Op4LnbmlrZW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence