8620d9f66b7e5e3973f9879986ec537f8d71f7d5b75bbdd8cf3963ed467a766b | Triage

Sharing

General

Target

8620d9f66b7e5e3973f9879986ec537f8d71f7d5b75bbdd8cf3963ed467a766b
Size

172KB
Sample

221201-3m252sfg5w
MD5

4bb44612a6f7c56bfe53263796864eef
SHA1

f96eda5de67fe98891c0d054d166607ab844416b
SHA256

8620d9f66b7e5e3973f9879986ec537f8d71f7d5b75bbdd8cf3963ed467a766b
SHA512

67aab9776a108297bb4cf4e33749bfcc96d55c73226270fe489a9340a485f5cb41402b8720a0a6af35aa7e9ea514576fd9b824d99b3700eef45ad370209f12f6
SSDEEP

3072:OChDLsNgqu3muDOqkVfbX936NDoZq4rvKyGXi:1DLsNgb3muDOqkpbX937Zq4ryi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8620d9f66b7e5e3973f9879986ec537f8d71f7d5b75bbdd8cf3963ed467a766b
- Size
  
  172KB
- MD5
  
  4bb44612a6f7c56bfe53263796864eef
- SHA1
  
  f96eda5de67fe98891c0d054d166607ab844416b
- SHA256
  
  8620d9f66b7e5e3973f9879986ec537f8d71f7d5b75bbdd8cf3963ed467a766b
- SHA512
  
  67aab9776a108297bb4cf4e33749bfcc96d55c73226270fe489a9340a485f5cb41402b8720a0a6af35aa7e9ea514576fd9b824d99b3700eef45ad370209f12f6
- SSDEEP
  
  3072:OChDLsNgqu3muDOqkVfbX936NDoZq4rvKyGXi:1DLsNgb3muDOqkpbX937Zq4ryi
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence