2574fc9d5d90c9e90febafd3ae4ad54e1547acd844659df5e378772137453e6b | Triage

Sharing

General

Target

2574fc9d5d90c9e90febafd3ae4ad54e1547acd844659df5e378772137453e6b
Size

126KB
Sample

221201-3g5nzsca55
MD5

75cb37779d0b0743a0e6cd49828abb20
SHA1

f4a3e2f80f4c689688fc47b2c5865b40375c0f42
SHA256

2574fc9d5d90c9e90febafd3ae4ad54e1547acd844659df5e378772137453e6b
SHA512

a02d159a94be207961f819697f111e3e5e288af85a06e667639aceda3b0d37ed082ab73802e6b720b2ac60e2e78312156c8700c020a6b63ae6f7168d51129008
SSDEEP

3072:EgamPMViJjByifjK+VpgsHt/RWy9/Ztu5Tma63cJ0Hmu:E6UViU8jHQ6xb9/TuqH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2574fc9d5d90c9e90febafd3ae4ad54e1547acd844659df5e378772137453e6b
- Size
  
  126KB
- MD5
  
  75cb37779d0b0743a0e6cd49828abb20
- SHA1
  
  f4a3e2f80f4c689688fc47b2c5865b40375c0f42
- SHA256
  
  2574fc9d5d90c9e90febafd3ae4ad54e1547acd844659df5e378772137453e6b
- SHA512
  
  a02d159a94be207961f819697f111e3e5e288af85a06e667639aceda3b0d37ed082ab73802e6b720b2ac60e2e78312156c8700c020a6b63ae6f7168d51129008
- SSDEEP
  
  3072:EgamPMViJjByifjK+VpgsHt/RWy9/Ztu5Tma63cJ0Hmu:E6UViU8jHQ6xb9/TuqH
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence