de9d23970cad0cb40fa8d824d69bdb649fb74b5c42b75e6e51c2c5a12b288ea1 | Triage

Sharing

General

Target

de9d23970cad0cb40fa8d824d69bdb649fb74b5c42b75e6e51c2c5a12b288ea1
Size

224KB
Sample

221201-2gayyabh3t
MD5

007c08f6e54ca6b2d5de2d69ddb85000
SHA1

48dc055f6fd59a22862ccaf23122b09294ab21f4
SHA256

de9d23970cad0cb40fa8d824d69bdb649fb74b5c42b75e6e51c2c5a12b288ea1
SHA512

9de00c17493944e8020db48f85becf22ded9ef063c14fad6df5da578ddb2b88713ba22ef45c868ea0b4230564bb6c2e8b6d097c008ff120c511b89a5866dc14f
SSDEEP

1536:zCedASRw0awoIZsh0CF+sKE0C1rZL4H0c/7wHeLxjaimtAbe79WCyiHCUXR6TAFG:i0MOFCsv/CL0jaQaWCyiHCx1psgN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  de9d23970cad0cb40fa8d824d69bdb649fb74b5c42b75e6e51c2c5a12b288ea1
- Size
  
  224KB
- MD5
  
  007c08f6e54ca6b2d5de2d69ddb85000
- SHA1
  
  48dc055f6fd59a22862ccaf23122b09294ab21f4
- SHA256
  
  de9d23970cad0cb40fa8d824d69bdb649fb74b5c42b75e6e51c2c5a12b288ea1
- SHA512
  
  9de00c17493944e8020db48f85becf22ded9ef063c14fad6df5da578ddb2b88713ba22ef45c868ea0b4230564bb6c2e8b6d097c008ff120c511b89a5866dc14f
- SSDEEP
  
  1536:zCedASRw0awoIZsh0CF+sKE0C1rZL4H0c/7wHeLxjaimtAbe79WCyiHCUXR6TAFG:i0MOFCsv/CL0jaQaWCyiHCx1psgN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence