b734513856cffb0fb23b1428ade343c64686d874102410fa63fd1834d3424174 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b734513856cffb0fb23b1428ade343c64686d874102410fa63fd1834d3424174
Size

176KB
Sample

221129-dreg4sdh9s
MD5

11bceb9ab14ba81aca66bcdc727de5a9
SHA1

987a61615082c32ebdc385df4e4c391e0b222ddb
SHA256

b734513856cffb0fb23b1428ade343c64686d874102410fa63fd1834d3424174
SHA512

aa0afab50974e18157852b778c5b283720bcbac881a7977f7aba752c50a42d86ba48968403c318a08480cbb9e11e6a629847f87356f7e8222783934354be69bc
SSDEEP

3072:wfXiCdKZCsJB/pAYsmyCMuKnvmb7/D26ADS6eS6EjzXLG47JTmcoiBuAZdV:ySCkCsJB/pxKnvmb7/D26Ae6eS6wzXLB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b734513856cffb0fb23b1428ade343c64686d874102410fa63fd1834d3424174
- Size
  
  176KB
- MD5
  
  11bceb9ab14ba81aca66bcdc727de5a9
- SHA1
  
  987a61615082c32ebdc385df4e4c391e0b222ddb
- SHA256
  
  b734513856cffb0fb23b1428ade343c64686d874102410fa63fd1834d3424174
- SHA512
  
  aa0afab50974e18157852b778c5b283720bcbac881a7977f7aba752c50a42d86ba48968403c318a08480cbb9e11e6a629847f87356f7e8222783934354be69bc
- SSDEEP
  
  3072:wfXiCdKZCsJB/pAYsmyCMuKnvmb7/D26ADS6eS6EjzXLG47JTmcoiBuAZdV:ySCkCsJB/pxKnvmb7/D26Ae6eS6wzXLB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence