a3d25bd5b75b188d6280f6e5f8ba7185ef041f6bf25cd8e4875b433a4552b12a | Triage

Submit
Reports

Overview

overview

9

Static

static

686467f75a...16.exe

windows7-x64

8

686467f75a...16.exe

windows10-2004-x64

9

Sharing

General

Target

8457418744.zip
Size

356KB
Sample

221126-kx29paaf2s
MD5

8ecddbc7f0f311fcef4afb2fe1dda697
SHA1

17c131736efb64bef3aff228f148635e56da2d95
SHA256

a3d25bd5b75b188d6280f6e5f8ba7185ef041f6bf25cd8e4875b433a4552b12a
SHA512

075a875107752a1524512b4896827afa6ebe5a5e45d5b084c0f8b7ff3a1d94d3028a491a3e7a41c1d43594099cec434c670932cdb8d45cc7cbbe6e40a9285a2e
SSDEEP

6144:ibj50wH76pod0T5Vxsf1Ot9Kuc1WvL8n8EoYXyr3rfAe0t48XSX/l+yOYQu1+njR:Uj50w+ud0Tfimc1WI8Kiet4861/t+jQS

Score

9^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

686467f75a5c0a056aba4614aa42e404fe9535d3de98806ad8c059c582f55716.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

686467f75a5c0a056aba4614aa42e404fe9535d3de98806ad8c059c582f55716.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  686467f75a5c0a056aba4614aa42e404fe9535d3de98806ad8c059c582f55716
- Size
  
  410KB
- MD5
  
  a6c776f57b289b97ddf353c32776a4ae
- SHA1
  
  6da71ee426632b691e785b22ce9762db728f68ad
- SHA256
  
  686467f75a5c0a056aba4614aa42e404fe9535d3de98806ad8c059c582f55716
- SHA512
  
  6afaf962e2a01c827e711bda9cc9c68e02c0c81a9da6208b4e35b482e210719994fbe3d804ef453bf824338b7b9bb3131b7e8606cfd86fd89bf597a004a61802
- SSDEEP
  
  12288:eIGmqFaVrXRP5Qo1CaeFWO+N+P52WZUHcyEaK54W7i4ZP/XjI:eStVFPutfo5X
Score

9^/10

evasion persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy