577292e4d6318b5636d50c45fdb30850b2ef583ad975fa868666177eecf191fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

577292e4d6318b5636d50c45fdb30850b2ef583ad975fa868666177eecf191fd
Size

40KB
Sample

221126-12n6macd5z
MD5

46fd871899a71a39f1340e1957a0d7f0
SHA1

291d89cd27dc2b144ceb4d955728b26845a5cd39
SHA256

577292e4d6318b5636d50c45fdb30850b2ef583ad975fa868666177eecf191fd
SHA512

683cb21e242f888fc01b765e341def2f975df7d9642f78aeb3451328ea71ddd951162a9d772b27e8092954022fd22d405ae45653a81d0a28de18f19db7df60b1
SSDEEP

768:mg0HsbzhmJzN+Yu/r6PP7+JLdHXGHljCOecAH2CZvc:mWw9N+R/r6X7+JpIXRjAvc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  577292e4d6318b5636d50c45fdb30850b2ef583ad975fa868666177eecf191fd
- Size
  
  40KB
- MD5
  
  46fd871899a71a39f1340e1957a0d7f0
- SHA1
  
  291d89cd27dc2b144ceb4d955728b26845a5cd39
- SHA256
  
  577292e4d6318b5636d50c45fdb30850b2ef583ad975fa868666177eecf191fd
- SHA512
  
  683cb21e242f888fc01b765e341def2f975df7d9642f78aeb3451328ea71ddd951162a9d772b27e8092954022fd22d405ae45653a81d0a28de18f19db7df60b1
- SSDEEP
  
  768:mg0HsbzhmJzN+Yu/r6PP7+JLdHXGHljCOecAH2CZvc:mWw9N+R/r6X7+JpIXRjAvc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence