14864a5524c83f9dc77db046407d24b11d25cd950b81190f9524baf669fdeb45 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14864a5524c83f9dc77db046407d24b11d25cd950b81190f9524baf669fdeb45
Size

219KB
Sample

221201-3h6bxacb42
MD5

62d4134cde56768ee8b4e0437ac84e20
SHA1

71b8a1ccf900b9fa84add1f0708ccbdc2ac6a73b
SHA256

14864a5524c83f9dc77db046407d24b11d25cd950b81190f9524baf669fdeb45
SHA512

bee1ca09bba298e3d38e2dd4e4a8227adcf574930717c1f4ab4d0ae02410f92e9303f336aebbff0d0cbead132146b689078dd60e00da6c4bf1fd03088c244fae
SSDEEP

1536:ORiWvSMlp6jpF1vjZRs/AvBLACR2pBXhCku2f97jl3dhaFqL3O/jxTcx/jMcZ8FI:m7vpWjpIAvufOrNMxbVDtEDk

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  14864a5524c83f9dc77db046407d24b11d25cd950b81190f9524baf669fdeb45
- Size
  
  219KB
- MD5
  
  62d4134cde56768ee8b4e0437ac84e20
- SHA1
  
  71b8a1ccf900b9fa84add1f0708ccbdc2ac6a73b
- SHA256
  
  14864a5524c83f9dc77db046407d24b11d25cd950b81190f9524baf669fdeb45
- SHA512
  
  bee1ca09bba298e3d38e2dd4e4a8227adcf574930717c1f4ab4d0ae02410f92e9303f336aebbff0d0cbead132146b689078dd60e00da6c4bf1fd03088c244fae
- SSDEEP
  
  1536:ORiWvSMlp6jpF1vjZRs/AvBLACR2pBXhCku2f97jl3dhaFqL3O/jxTcx/jMcZ8FI:m7vpWjpIAvufOrNMxbVDtEDk
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence