7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d
Size

100KB
Sample

221202-x5ejtaah3t
MD5

3f253e5b4a8b4d5e863ef31dfbac8331
SHA1

59254099c6d213c539fbabb35c33a21cea913713
SHA256

7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d
SHA512

60ea0b2da816926a2a95ccaf4c55f507dcca92de80a196d50397a50f03ee37e244db2c776d805e7ce66b9bd760003d0ee3cdfa198a9d521b3798c4e8db7b282c
SSDEEP

1536:IyW9cX220mQI5xJKIRGWcOUP7vXArnY1ZqAefzyesVNIj/:1hQdNAfzyeOC/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d
- Size
  
  100KB
- MD5
  
  3f253e5b4a8b4d5e863ef31dfbac8331
- SHA1
  
  59254099c6d213c539fbabb35c33a21cea913713
- SHA256
  
  7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d
- SHA512
  
  60ea0b2da816926a2a95ccaf4c55f507dcca92de80a196d50397a50f03ee37e244db2c776d805e7ce66b9bd760003d0ee3cdfa198a9d521b3798c4e8db7b282c
- SSDEEP
  
  1536:IyW9cX220mQI5xJKIRGWcOUP7vXArnY1ZqAefzyesVNIj/:1hQdNAfzyeOC/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence