532b9c2f479717a5ace60f0d7346fe0e52d16705d401d0c5ce8bccbe4ab560f7 | Triage

Sharing

General

Target

532b9c2f479717a5ace60f0d7346fe0e52d16705d401d0c5ce8bccbe4ab560f7
Size

116KB
Sample

221202-3p9ynsac3s
MD5

409ee028a77c4176a6c4dadea7232984
SHA1

35e18fac0fe393c95a8747fe39365b3aec705952
SHA256

532b9c2f479717a5ace60f0d7346fe0e52d16705d401d0c5ce8bccbe4ab560f7
SHA512

3a347db6915746411b63489e9a69d03baab4a28ea1b761fd74a66723d539f8c7137d90166f16026210baccc8c8fc3e3145d1f4c3ce1914105f4cc41f11c87dd8
SSDEEP

1536:7J0TcIs9MtpJ/nUk+++pZgGEbplftRkDhfdxoMqYjFe1JsR0KuwOZZZZH1gMiZA7:90T0MB/nUIRsjsS0xdZZZZVg27

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  532b9c2f479717a5ace60f0d7346fe0e52d16705d401d0c5ce8bccbe4ab560f7
- Size
  
  116KB
- MD5
  
  409ee028a77c4176a6c4dadea7232984
- SHA1
  
  35e18fac0fe393c95a8747fe39365b3aec705952
- SHA256
  
  532b9c2f479717a5ace60f0d7346fe0e52d16705d401d0c5ce8bccbe4ab560f7
- SHA512
  
  3a347db6915746411b63489e9a69d03baab4a28ea1b761fd74a66723d539f8c7137d90166f16026210baccc8c8fc3e3145d1f4c3ce1914105f4cc41f11c87dd8
- SSDEEP
  
  1536:7J0TcIs9MtpJ/nUk+++pZgGEbplftRkDhfdxoMqYjFe1JsR0KuwOZZZZH1gMiZA7:90T0MB/nUIRsjsS0xdZZZZVg27
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence