ab39e04492a05386f8686c87040be6a49879d629cd922d3af1d91691224fc651 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab39e04492a05386f8686c87040be6a49879d629cd922d3af1d91691224fc651
Size

192KB
Sample

221201-2w5f4aab53
MD5

74e623e60efda5cbe2329b07ade8fabf
SHA1

5681e47d358fb9fd2a6fe5f9ee2d4df0a857e0f5
SHA256

ab39e04492a05386f8686c87040be6a49879d629cd922d3af1d91691224fc651
SHA512

04359f386b1d1261ba0210e73d61ac2c45e3d70ece32b1c8b5fa16853d128a36a5e888be9927b0e9f98911364ebb404c8b9dd7f98496037db7e65124706cd39c
SSDEEP

1536:hxHABQruHlTaPRi4iti93MH9iV6MRfWzzp3BHReQbIYL2XoPLJB514R9/dJqi/7:j2QraTIRi4itiSHXzp3uYTPLJOhD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ab39e04492a05386f8686c87040be6a49879d629cd922d3af1d91691224fc651
- Size
  
  192KB
- MD5
  
  74e623e60efda5cbe2329b07ade8fabf
- SHA1
  
  5681e47d358fb9fd2a6fe5f9ee2d4df0a857e0f5
- SHA256
  
  ab39e04492a05386f8686c87040be6a49879d629cd922d3af1d91691224fc651
- SHA512
  
  04359f386b1d1261ba0210e73d61ac2c45e3d70ece32b1c8b5fa16853d128a36a5e888be9927b0e9f98911364ebb404c8b9dd7f98496037db7e65124706cd39c
- SSDEEP
  
  1536:hxHABQruHlTaPRi4iti93MH9iV6MRfWzzp3BHReQbIYL2XoPLJB514R9/dJqi/7:j2QraTIRi4itiSHXzp3uYTPLJOhD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence