d62d3c3f9cb8ebbbedd6750aee35ddc37ef4391cbab63f7d56588e324d0a513e | Triage

Sharing

General

Target

d62d3c3f9cb8ebbbedd6750aee35ddc37ef4391cbab63f7d56588e324d0a513e
Size

240KB
Sample

221202-apt81aac7y
MD5

126ea13a492100b2e0c29abb5c30b65e
SHA1

71f8c90f5e6f15b2bbc63851164b10fe25ee5659
SHA256

d62d3c3f9cb8ebbbedd6750aee35ddc37ef4391cbab63f7d56588e324d0a513e
SHA512

9359fad7fcb3b68c15aba4ab2a9b3bc444a59cc40e6ad0473a33abd5f0850a4f447aeaf5e409b1387428eec8296ed56337ed8ed82cc6b85afc55bdc2289667e2
SSDEEP

6144:U6QFThz+4OAY0kmg7JXKj4vxim1EHlXnJJIyMAf5W/SbDHeIuy0bIA:Yrz+4OAY0kmg7JXKoyMAf5W/SbCIXWt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d62d3c3f9cb8ebbbedd6750aee35ddc37ef4391cbab63f7d56588e324d0a513e
- Size
  
  240KB
- MD5
  
  126ea13a492100b2e0c29abb5c30b65e
- SHA1
  
  71f8c90f5e6f15b2bbc63851164b10fe25ee5659
- SHA256
  
  d62d3c3f9cb8ebbbedd6750aee35ddc37ef4391cbab63f7d56588e324d0a513e
- SHA512
  
  9359fad7fcb3b68c15aba4ab2a9b3bc444a59cc40e6ad0473a33abd5f0850a4f447aeaf5e409b1387428eec8296ed56337ed8ed82cc6b85afc55bdc2289667e2
- SSDEEP
  
  6144:U6QFThz+4OAY0kmg7JXKj4vxim1EHlXnJJIyMAf5W/SbDHeIuy0bIA:Yrz+4OAY0kmg7JXKoyMAf5W/SbCIXWt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence