1613b5863d2a9b7e258ea34dd7e82f915b6b054c74a517cd58b3ce7393a3b2c2 | Triage

Sharing

General

Target

1613b5863d2a9b7e258ea34dd7e82f915b6b054c74a517cd58b3ce7393a3b2c2
Size

300KB
Sample

221124-as792aae4t
MD5

40f09a3954d81c9cca3e158fe69509aa
SHA1

050795dc3cae450f53dd5ed70fc31dc2b5c3e121
SHA256

1613b5863d2a9b7e258ea34dd7e82f915b6b054c74a517cd58b3ce7393a3b2c2
SHA512

b15f526af835bbd0cd636895161d4683acb2f080f8c51387a70cb2ba9e8f6c99ed592aa25e64bb67b3278c85bcdf22110a2d78fd795eeb111a1564043b3f90d7
SSDEEP

6144:ejod6a6avuz2kX681UbgwDO7zRdmM57M186cFGK:ejOlvuzDEK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1613b5863d2a9b7e258ea34dd7e82f915b6b054c74a517cd58b3ce7393a3b2c2
- Size
  
  300KB
- MD5
  
  40f09a3954d81c9cca3e158fe69509aa
- SHA1
  
  050795dc3cae450f53dd5ed70fc31dc2b5c3e121
- SHA256
  
  1613b5863d2a9b7e258ea34dd7e82f915b6b054c74a517cd58b3ce7393a3b2c2
- SHA512
  
  b15f526af835bbd0cd636895161d4683acb2f080f8c51387a70cb2ba9e8f6c99ed592aa25e64bb67b3278c85bcdf22110a2d78fd795eeb111a1564043b3f90d7
- SSDEEP
  
  6144:ejod6a6avuz2kX681UbgwDO7zRdmM57M186cFGK:ejOlvuzDEK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence