5db1645dacbc300e2efc60b0d6e7d27e49e49d4d42d5959cafab97083b45d51e | Triage

Sharing

General

Target

5db1645dacbc300e2efc60b0d6e7d27e49e49d4d42d5959cafab97083b45d51e
Size

156KB
Sample

221201-3n412afh3y
MD5

7316a325082bd2eabd2b2c0f40c6b0fa
SHA1

12bd6be985178b3442be7b07557e7fd592e58ddd
SHA256

5db1645dacbc300e2efc60b0d6e7d27e49e49d4d42d5959cafab97083b45d51e
SHA512

915eb3e685be7e65bffdd49e9552d5ba2f0fe1558d15410a0ff1d0f313a87312b9570a0883ab4ea72fd381c3ee48dcff683134957dfefc713daaaeb30c3661eb
SSDEEP

1536:MPan4ngzp0B8jNuRe305Xrud5N9jRMmBUKH7zD87/u+JcBqVbv1BsbhbEle+RReZ:9ogeAufubFKVXcBqB1BGSjNX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5db1645dacbc300e2efc60b0d6e7d27e49e49d4d42d5959cafab97083b45d51e
- Size
  
  156KB
- MD5
  
  7316a325082bd2eabd2b2c0f40c6b0fa
- SHA1
  
  12bd6be985178b3442be7b07557e7fd592e58ddd
- SHA256
  
  5db1645dacbc300e2efc60b0d6e7d27e49e49d4d42d5959cafab97083b45d51e
- SHA512
  
  915eb3e685be7e65bffdd49e9552d5ba2f0fe1558d15410a0ff1d0f313a87312b9570a0883ab4ea72fd381c3ee48dcff683134957dfefc713daaaeb30c3661eb
- SSDEEP
  
  1536:MPan4ngzp0B8jNuRe305Xrud5N9jRMmBUKH7zD87/u+JcBqVbv1BsbhbEle+RReZ:9ogeAufubFKVXcBqB1BGSjNX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence