c77fbb353d39dbd0b8c90960f32a0d51409c8456561b253ba19896350cbdd9dc | Triage

Sharing

General

Target

c77fbb353d39dbd0b8c90960f32a0d51409c8456561b253ba19896350cbdd9dc
Size

88KB
Sample

221202-gyd2psdg3v
MD5

dafa7b98ad193d49b6d10d18d3df9f69
SHA1

89cf6645760205f2f3b3a964c9cf28ec8dda1165
SHA256

c77fbb353d39dbd0b8c90960f32a0d51409c8456561b253ba19896350cbdd9dc
SHA512

30260c9732d7b500194638fe1ad83729ee7bd8769b55ace3278ee5d88345df8ef96b207246e03489d31c314c01a391b248f392e6265947bfcb9664c8792583ea
SSDEEP

1536:SItuKIQ/JDHKa5LJW6/Z2NZQCvDmNmopA:b8KI8DHKuFOrNopA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c77fbb353d39dbd0b8c90960f32a0d51409c8456561b253ba19896350cbdd9dc
- Size
  
  88KB
- MD5
  
  dafa7b98ad193d49b6d10d18d3df9f69
- SHA1
  
  89cf6645760205f2f3b3a964c9cf28ec8dda1165
- SHA256
  
  c77fbb353d39dbd0b8c90960f32a0d51409c8456561b253ba19896350cbdd9dc
- SHA512
  
  30260c9732d7b500194638fe1ad83729ee7bd8769b55ace3278ee5d88345df8ef96b207246e03489d31c314c01a391b248f392e6265947bfcb9664c8792583ea
- SSDEEP
  
  1536:SItuKIQ/JDHKa5LJW6/Z2NZQCvDmNmopA:b8KI8DHKuFOrNopA
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence