a87883b9b919198edf85a1584a20f261b119ce34e6af34ac854e963d49e1d2d8 | Triage

Sharing

General

Target

a87883b9b919198edf85a1584a20f261b119ce34e6af34ac854e963d49e1d2d8
Size

84KB
Sample

221124-atl37aae6x
MD5

3614775c4d2b7504d608360d5b4db290
SHA1

5d7dcc6f6c318ae23ae9cd19665907fa8ae8c696
SHA256

a87883b9b919198edf85a1584a20f261b119ce34e6af34ac854e963d49e1d2d8
SHA512

b3b6d1706f7675000b53a169effa5828e43514f939a3a2957e6e93ec29fd04aaee865636bb3988fe06a641be113c46ef1296b21bc3b213d84b767919a09e4391
SSDEEP

768:DTbYNscGYzZ2i+BJd/bI0/F/NstMlwQTOxelNmw5jRnDU5b:DTWG6H+n5IUJxdlNmKjRqb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a87883b9b919198edf85a1584a20f261b119ce34e6af34ac854e963d49e1d2d8
- Size
  
  84KB
- MD5
  
  3614775c4d2b7504d608360d5b4db290
- SHA1
  
  5d7dcc6f6c318ae23ae9cd19665907fa8ae8c696
- SHA256
  
  a87883b9b919198edf85a1584a20f261b119ce34e6af34ac854e963d49e1d2d8
- SHA512
  
  b3b6d1706f7675000b53a169effa5828e43514f939a3a2957e6e93ec29fd04aaee865636bb3988fe06a641be113c46ef1296b21bc3b213d84b767919a09e4391
- SSDEEP
  
  768:DTbYNscGYzZ2i+BJd/bI0/F/NstMlwQTOxelNmw5jRnDU5b:DTWG6H+n5IUJxdlNmKjRqb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2