f27b5a4e69b5304089e55b434d84ad93f2a01447c33568ba9dc43c8e8c96c842 | Triage

Sharing

General

Target

f27b5a4e69b5304089e55b434d84ad93f2a01447c33568ba9dc43c8e8c96c842
Size

180KB
Sample

221202-g1qtaadh9w
MD5

79b072e3ddb6500f86c5f525356433fa
SHA1

0bf5e500e3142645df4b93a284ec15ecfd6b8edf
SHA256

f27b5a4e69b5304089e55b434d84ad93f2a01447c33568ba9dc43c8e8c96c842
SHA512

6bd24c5e14cdc2f5129fd8fdc4172acbd30efcd448bb01719e32c0bb19024ae45fab59399aee80b5234c603e13ce96b389c68678280801930423a13ceea56888
SSDEEP

1536:ruOFNFtwMUc2cFksJY6LQBeRrm6LoqzvXb7oJd:lvzS6LQM8H+fb7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f27b5a4e69b5304089e55b434d84ad93f2a01447c33568ba9dc43c8e8c96c842
- Size
  
  180KB
- MD5
  
  79b072e3ddb6500f86c5f525356433fa
- SHA1
  
  0bf5e500e3142645df4b93a284ec15ecfd6b8edf
- SHA256
  
  f27b5a4e69b5304089e55b434d84ad93f2a01447c33568ba9dc43c8e8c96c842
- SHA512
  
  6bd24c5e14cdc2f5129fd8fdc4172acbd30efcd448bb01719e32c0bb19024ae45fab59399aee80b5234c603e13ce96b389c68678280801930423a13ceea56888
- SSDEEP
  
  1536:ruOFNFtwMUc2cFksJY6LQBeRrm6LoqzvXb7oJd:lvzS6LQM8H+fb7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence