56659cb813be9b297986f3b54a656d79a2e97e423db31de3db2e5039b835325b | Triage

Sharing

General

Target

56659cb813be9b297986f3b54a656d79a2e97e423db31de3db2e5039b835325b
Size

168KB
Sample

221201-3prgbscf84
MD5

aeba923aa67744ef6570c3c770a4e07f
SHA1

7d4dc3567ca11550211bb668cbd2e041101ea3eb
SHA256

56659cb813be9b297986f3b54a656d79a2e97e423db31de3db2e5039b835325b
SHA512

9a97e1d408276e6a1ee392eb93366c7ea81981640c4e8202bc91102ed6c875d26618e59486215676eec37c545e80e91c8f2515d01e2f17020ebf1ae18d799722
SSDEEP

1536:xAFlHooXxTaSfm8UI+FQZAq7UjbJw5aCUZeBB++7XVFfFVE/9jMhmqLBzmxI:OlHooXxYUZvUH2aZZer++7XVb5gI

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  56659cb813be9b297986f3b54a656d79a2e97e423db31de3db2e5039b835325b
- Size
  
  168KB
- MD5
  
  aeba923aa67744ef6570c3c770a4e07f
- SHA1
  
  7d4dc3567ca11550211bb668cbd2e041101ea3eb
- SHA256
  
  56659cb813be9b297986f3b54a656d79a2e97e423db31de3db2e5039b835325b
- SHA512
  
  9a97e1d408276e6a1ee392eb93366c7ea81981640c4e8202bc91102ed6c875d26618e59486215676eec37c545e80e91c8f2515d01e2f17020ebf1ae18d799722
- SSDEEP
  
  1536:xAFlHooXxTaSfm8UI+FQZAq7UjbJw5aCUZeBB++7XVFfFVE/9jMhmqLBzmxI:OlHooXxYUZvUH2aZZer++7XVb5gI
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence