40f9c8934dc1f2c11f65e7c129ab4ee22d5153a50b61ebd7d6a102df7a5e96ea | Triage

Sharing

General

Target

40f9c8934dc1f2c11f65e7c129ab4ee22d5153a50b61ebd7d6a102df7a5e96ea
Size

288KB
Sample

221124-and6dsaa81
MD5

28855f55d83f42ec01c3e91e6495b564
SHA1

b7c159c9e22478bc9af4ef8a7277fbf9a799774b
SHA256

40f9c8934dc1f2c11f65e7c129ab4ee22d5153a50b61ebd7d6a102df7a5e96ea
SHA512

d1baae7dbfad941e83367e97cd90baed199eff9dd7c6041a9350adb801f026b956f69eb5ff54acbfd545162914af37b011176592667e885ec6c503fa09c074e3
SSDEEP

6144:t1BQc0f7XP+g3AGJpWVzuFnmI8nQOsPVKnvmb7/D26Mbj/R8SUHAgOTTMEtBTTln:J27/XvLWpuFWnQOsPVKnvmb7/D26MHUa

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  40f9c8934dc1f2c11f65e7c129ab4ee22d5153a50b61ebd7d6a102df7a5e96ea
- Size
  
  288KB
- MD5
  
  28855f55d83f42ec01c3e91e6495b564
- SHA1
  
  b7c159c9e22478bc9af4ef8a7277fbf9a799774b
- SHA256
  
  40f9c8934dc1f2c11f65e7c129ab4ee22d5153a50b61ebd7d6a102df7a5e96ea
- SHA512
  
  d1baae7dbfad941e83367e97cd90baed199eff9dd7c6041a9350adb801f026b956f69eb5ff54acbfd545162914af37b011176592667e885ec6c503fa09c074e3
- SSDEEP
  
  6144:t1BQc0f7XP+g3AGJpWVzuFnmI8nQOsPVKnvmb7/D26Mbj/R8SUHAgOTTMEtBTTln:J27/XvLWpuFWnQOsPVKnvmb7/D26MHUa
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence