f66d77383d9033aec9dec7ca2e59c437449ab0ea497b3ffd784c81883fa72250 | Triage

Sharing

General

Target

f66d77383d9033aec9dec7ca2e59c437449ab0ea497b3ffd784c81883fa72250
Size

144KB
Sample

221124-anrrgsab2y
MD5

14edccfa616414fb38548dd31c7d9f40
SHA1

31285837de8f3f7a0115c5c5127e4bf4506786ca
SHA256

f66d77383d9033aec9dec7ca2e59c437449ab0ea497b3ffd784c81883fa72250
SHA512

156ce27b64a0e71197ead8735ae24f5c19ad845be231a28f084fca0ae53f3220b29e34449d8d48291d18ff3a7c942a3510a1e8470c0ba1560fb4e394ef3ade4b
SSDEEP

3072:QHKF/fvhINgVs+Y9YXeKjxF1yO13TWDnt+:QqFvq2gYuKjxF15s

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f66d77383d9033aec9dec7ca2e59c437449ab0ea497b3ffd784c81883fa72250
- Size
  
  144KB
- MD5
  
  14edccfa616414fb38548dd31c7d9f40
- SHA1
  
  31285837de8f3f7a0115c5c5127e4bf4506786ca
- SHA256
  
  f66d77383d9033aec9dec7ca2e59c437449ab0ea497b3ffd784c81883fa72250
- SHA512
  
  156ce27b64a0e71197ead8735ae24f5c19ad845be231a28f084fca0ae53f3220b29e34449d8d48291d18ff3a7c942a3510a1e8470c0ba1560fb4e394ef3ade4b
- SSDEEP
  
  3072:QHKF/fvhINgVs+Y9YXeKjxF1yO13TWDnt+:QqFvq2gYuKjxF15s
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence