7fd06278cebd5fefae6d2ad50404f6fa1ed821d27eb1bb5f4f8cce5dfd335081 | Triage

Sharing

General

Target

7fd06278cebd5fefae6d2ad50404f6fa1ed821d27eb1bb5f4f8cce5dfd335081
Size

124KB
Sample

221124-ap75vsfa69
MD5

079bf5e3519078072252d2b5f7d4c5f0
SHA1

7b34b6d662118ac9e7502b22e1e9c4df8b9dfa96
SHA256

7fd06278cebd5fefae6d2ad50404f6fa1ed821d27eb1bb5f4f8cce5dfd335081
SHA512

adce0f3f3a66a0c53acc36ebf28feb20509373c485aeafedba8ce95cbafd818add3caf59d9ff67e9afd89a807a983958c3ef5677b8c1c2eef98c541460701b7c
SSDEEP

1536:mOszW5YNmVJhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:rG0YYLhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7fd06278cebd5fefae6d2ad50404f6fa1ed821d27eb1bb5f4f8cce5dfd335081
- Size
  
  124KB
- MD5
  
  079bf5e3519078072252d2b5f7d4c5f0
- SHA1
  
  7b34b6d662118ac9e7502b22e1e9c4df8b9dfa96
- SHA256
  
  7fd06278cebd5fefae6d2ad50404f6fa1ed821d27eb1bb5f4f8cce5dfd335081
- SHA512
  
  adce0f3f3a66a0c53acc36ebf28feb20509373c485aeafedba8ce95cbafd818add3caf59d9ff67e9afd89a807a983958c3ef5677b8c1c2eef98c541460701b7c
- SSDEEP
  
  1536:mOszW5YNmVJhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:rG0YYLhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence