26266882cad968f23764cdb3f877671022729453725705d3e5688c51a4c13d90 | Triage

Sharing

General

Target

26266882cad968f23764cdb3f877671022729453725705d3e5688c51a4c13d90
Size

124KB
Sample

221124-aqe6gafa78
MD5

16388ffed0efd8dc850b4ec329af81f2
SHA1

3bff3d7351d930daaefa411b9814761adfb01987
SHA256

26266882cad968f23764cdb3f877671022729453725705d3e5688c51a4c13d90
SHA512

5107c9c3ee1d62afe66a20c47a97db1cee50f526fc32eb2396691c956b95f5411f934af17f1aef4d5c4376f1216cfe9de6d6a2e3d18f96c94a2092ca5eef372b
SSDEEP

1536:NTsz/5YaPYhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:hGBYawhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  26266882cad968f23764cdb3f877671022729453725705d3e5688c51a4c13d90
- Size
  
  124KB
- MD5
  
  16388ffed0efd8dc850b4ec329af81f2
- SHA1
  
  3bff3d7351d930daaefa411b9814761adfb01987
- SHA256
  
  26266882cad968f23764cdb3f877671022729453725705d3e5688c51a4c13d90
- SHA512
  
  5107c9c3ee1d62afe66a20c47a97db1cee50f526fc32eb2396691c956b95f5411f934af17f1aef4d5c4376f1216cfe9de6d6a2e3d18f96c94a2092ca5eef372b
- SSDEEP
  
  1536:NTsz/5YaPYhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:hGBYawhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence