27652b40869d5c47036cf4889a0fd5f22c61efbe61ff4f2e25491eb46aa9ae09 | Triage

Sharing

General

Target

27652b40869d5c47036cf4889a0fd5f22c61efbe61ff4f2e25491eb46aa9ae09
Size

208KB
Sample

221201-3vwcgadb89
MD5

0c7410fd1a3a558d570dec409b30c580
SHA1

938b8b0931608621f20025a662504919e0020ef0
SHA256

27652b40869d5c47036cf4889a0fd5f22c61efbe61ff4f2e25491eb46aa9ae09
SHA512

123cbc12b9d586fd37918f3f5fd322db4b5a7e02ca17270919c559e9fc401e2e200ed4cebf1f43841a35ec9880c41214f7765c8fdec669e778ba919a8bd484a4
SSDEEP

6144:7n+6Cg6o48Aw046bsoK/2ou3Ll4gUG8dBRB/QdNAKh+u8KL9soWHEV7xtI0pgRWL:7+6Cg6o48AwzDob5oPB3MZ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  27652b40869d5c47036cf4889a0fd5f22c61efbe61ff4f2e25491eb46aa9ae09
- Size
  
  208KB
- MD5
  
  0c7410fd1a3a558d570dec409b30c580
- SHA1
  
  938b8b0931608621f20025a662504919e0020ef0
- SHA256
  
  27652b40869d5c47036cf4889a0fd5f22c61efbe61ff4f2e25491eb46aa9ae09
- SHA512
  
  123cbc12b9d586fd37918f3f5fd322db4b5a7e02ca17270919c559e9fc401e2e200ed4cebf1f43841a35ec9880c41214f7765c8fdec669e778ba919a8bd484a4
- SSDEEP
  
  6144:7n+6Cg6o48Aw046bsoK/2ou3Ll4gUG8dBRB/QdNAKh+u8KL9soWHEV7xtI0pgRWL:7+6Cg6o48AwzDob5oPB3MZ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence