f61957fec55ace371566a67f137e6dfb0a10ef5bde54cc9c098f3d7f4459b94b | Triage

Sharing

General

Target

f61957fec55ace371566a67f137e6dfb0a10ef5bde54cc9c098f3d7f4459b94b
Size

132KB
Sample

221202-g1a3tsdh6z
MD5

a9cd1d28e8169c23f6434a4bcb71079f
SHA1

21802feb7239ba01357fdde4ac2141e1e102e78e
SHA256

f61957fec55ace371566a67f137e6dfb0a10ef5bde54cc9c098f3d7f4459b94b
SHA512

592352bc9a09314190e6da252248ed2b3d28509ee9f8b745731ddf3803fbc175af99bb7fe3b3e5e81c6d01bf1fc74ee38c28f82bb6954bd38970e1292e4f5495
SSDEEP

1536:B5g2SQl9LWYdNX9jLEuD9hJx8ghgNMCI+yczZM:AEnLW+NX9jL7hR+NTWKZM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f61957fec55ace371566a67f137e6dfb0a10ef5bde54cc9c098f3d7f4459b94b
- Size
  
  132KB
- MD5
  
  a9cd1d28e8169c23f6434a4bcb71079f
- SHA1
  
  21802feb7239ba01357fdde4ac2141e1e102e78e
- SHA256
  
  f61957fec55ace371566a67f137e6dfb0a10ef5bde54cc9c098f3d7f4459b94b
- SHA512
  
  592352bc9a09314190e6da252248ed2b3d28509ee9f8b745731ddf3803fbc175af99bb7fe3b3e5e81c6d01bf1fc74ee38c28f82bb6954bd38970e1292e4f5495
- SSDEEP
  
  1536:B5g2SQl9LWYdNX9jLEuD9hJx8ghgNMCI+yczZM:AEnLW+NX9jL7hR+NTWKZM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence