79d8e93744e6fa421b1d0c64b56d83619b30d15be1dd5b29b69e6571e5c19a2c | Triage

Sharing

General

Target

79d8e93744e6fa421b1d0c64b56d83619b30d15be1dd5b29b69e6571e5c19a2c
Size

200KB
Sample

221202-a2vqasga36
MD5

7f24fc84d3d286df36917ef2d4d4c2cb
SHA1

2e06c8657d736e4336603690176e5126fd79e1d6
SHA256

79d8e93744e6fa421b1d0c64b56d83619b30d15be1dd5b29b69e6571e5c19a2c
SHA512

bd5d3865cd48fb4f10eaae3bca6626ca2332488700fee29b70ca76dff0da23cda023ddcd542cb6c990d0f6861a4c5aacd63e2d8007bfc49146f226d99a5d6231
SSDEEP

3072:jC2To/0Yxd0tQ9nLHbB9WPliBs2HWWEakGJm9rn:jCvP4QxL7B9WPli+yWWEazg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  79d8e93744e6fa421b1d0c64b56d83619b30d15be1dd5b29b69e6571e5c19a2c
- Size
  
  200KB
- MD5
  
  7f24fc84d3d286df36917ef2d4d4c2cb
- SHA1
  
  2e06c8657d736e4336603690176e5126fd79e1d6
- SHA256
  
  79d8e93744e6fa421b1d0c64b56d83619b30d15be1dd5b29b69e6571e5c19a2c
- SHA512
  
  bd5d3865cd48fb4f10eaae3bca6626ca2332488700fee29b70ca76dff0da23cda023ddcd542cb6c990d0f6861a4c5aacd63e2d8007bfc49146f226d99a5d6231
- SSDEEP
  
  3072:jC2To/0Yxd0tQ9nLHbB9WPliBs2HWWEakGJm9rn:jCvP4QxL7B9WPli+yWWEazg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence