b87439352a7dcc7042e6ebcb9edda7fb0994b5f1dfdd7c4b57f7e38b7fe93bd2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b87439352a7dcc7042e6ebcb9edda7fb0994b5f1dfdd7c4b57f7e38b7fe93bd2
Size

104KB
Sample

221129-qtg28sdd34
MD5

a614900496b7fbc0a288b1e5205a01cf
SHA1

fb6c1dfd94ad023d9fe4ddd6bce757389c32880f
SHA256

b87439352a7dcc7042e6ebcb9edda7fb0994b5f1dfdd7c4b57f7e38b7fe93bd2
SHA512

1647fae4767ff9c7968365ad0b9d094ac67bd7a36bc5706b312d94d56e31f5384ea66b4f2459a2917771cf04d5c6e3c360ee00568f1c289a98b8dbc64fd15337
SSDEEP

1536:JBmL/lgjJ8iIycDEJfNOPcDGwSgRouYmvqwMew7db/02u+bk/kruNIjnZLb:QNiIyc0m/3Zu+bkxCnBb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b87439352a7dcc7042e6ebcb9edda7fb0994b5f1dfdd7c4b57f7e38b7fe93bd2
- Size
  
  104KB
- MD5
  
  a614900496b7fbc0a288b1e5205a01cf
- SHA1
  
  fb6c1dfd94ad023d9fe4ddd6bce757389c32880f
- SHA256
  
  b87439352a7dcc7042e6ebcb9edda7fb0994b5f1dfdd7c4b57f7e38b7fe93bd2
- SHA512
  
  1647fae4767ff9c7968365ad0b9d094ac67bd7a36bc5706b312d94d56e31f5384ea66b4f2459a2917771cf04d5c6e3c360ee00568f1c289a98b8dbc64fd15337
- SSDEEP
  
  1536:JBmL/lgjJ8iIycDEJfNOPcDGwSgRouYmvqwMew7db/02u+bk/kruNIjnZLb:QNiIyc0m/3Zu+bkxCnBb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence