7deb7541ac923d9c4f6bdd6a91934ff76f2441e0bdefd13e0152462ce9cae3cb | Triage

Sharing

General

Target

7deb7541ac923d9c4f6bdd6a91934ff76f2441e0bdefd13e0152462ce9cae3cb
Size

159KB
Sample

221127-nrm5cshd2v
MD5

bd52b42320a85a76e12ee82d379482e6
SHA1

0f4088285078460d3c72b3c9f6fb2cf352eba1df
SHA256

7deb7541ac923d9c4f6bdd6a91934ff76f2441e0bdefd13e0152462ce9cae3cb
SHA512

b94b8affeb722023f96857a07789f54fdc212c96485d9d68a776e06feeea46be4f1d5f7672594729894ef6a6032219b5274dcc8c1ec1dbbda9806c62c810d21a
SSDEEP

1536:SVnSQuhDrYnN6W9UVqeSuPhP3Fb4+DBfsK0af5IX96mfOC1zlrdsUwE7RjSqKC6i:61EayqGwoKx/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7deb7541ac923d9c4f6bdd6a91934ff76f2441e0bdefd13e0152462ce9cae3cb
- Size
  
  159KB
- MD5
  
  bd52b42320a85a76e12ee82d379482e6
- SHA1
  
  0f4088285078460d3c72b3c9f6fb2cf352eba1df
- SHA256
  
  7deb7541ac923d9c4f6bdd6a91934ff76f2441e0bdefd13e0152462ce9cae3cb
- SHA512
  
  b94b8affeb722023f96857a07789f54fdc212c96485d9d68a776e06feeea46be4f1d5f7672594729894ef6a6032219b5274dcc8c1ec1dbbda9806c62c810d21a
- SSDEEP
  
  1536:SVnSQuhDrYnN6W9UVqeSuPhP3Fb4+DBfsK0af5IX96mfOC1zlrdsUwE7RjSqKC6i:61EayqGwoKx/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence