a927647d92f3ff8617564cd7a1f0cb8dfb11bc75998d08f446106236a3fd3a27 | Triage

Sharing

General

Target

a927647d92f3ff8617564cd7a1f0cb8dfb11bc75998d08f446106236a3fd3a27
Size

304KB
Sample

221202-apjr9seh78
MD5

148e26efe13ddfb91ad6cad69bfb6978
SHA1

766e7495ea293960a26899b3031049f6d68fe713
SHA256

a927647d92f3ff8617564cd7a1f0cb8dfb11bc75998d08f446106236a3fd3a27
SHA512

8ddabddffb6f0745622be0facac5c7f24c91d92bae863d9b7edf7c4c1215bb260f4be928bbbcb9ae56dc9f9ce98337ae48fc40653c5e689676bd8eddfe6f7351
SSDEEP

6144:wduxaKe/9f8AbGcdeoDW+/OWtb9yOPmeAVbfP1r4riA7AroW+nYaFyzf/H551Fji:wkxy/9UtO2TW00UM5AEPoViJAndeyC5

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a927647d92f3ff8617564cd7a1f0cb8dfb11bc75998d08f446106236a3fd3a27
- Size
  
  304KB
- MD5
  
  148e26efe13ddfb91ad6cad69bfb6978
- SHA1
  
  766e7495ea293960a26899b3031049f6d68fe713
- SHA256
  
  a927647d92f3ff8617564cd7a1f0cb8dfb11bc75998d08f446106236a3fd3a27
- SHA512
  
  8ddabddffb6f0745622be0facac5c7f24c91d92bae863d9b7edf7c4c1215bb260f4be928bbbcb9ae56dc9f9ce98337ae48fc40653c5e689676bd8eddfe6f7351
- SSDEEP
  
  6144:wduxaKe/9f8AbGcdeoDW+/OWtb9yOPmeAVbfP1r4riA7AroW+nYaFyzf/H551Fji:wkxy/9UtO2TW00UM5AEPoViJAndeyC5
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence