a626ab12f272b063728e7b4879bac3bb22e6c1e445cf08e88cf3cee637246905 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a626ab12f272b063728e7b4879bac3bb22e6c1e445cf08e88cf3cee637246905
Size

152KB
Sample

221203-vwqjlsdf8t
MD5

076d199379562ad5588adcc7294f0450
SHA1

27347d729b901a4f8efdb384b1b8b0333cdf10cd
SHA256

a626ab12f272b063728e7b4879bac3bb22e6c1e445cf08e88cf3cee637246905
SHA512

99fcdd92f6285e5f4684b69cb512c94335dd48973b309b7941a6ecdddd509d73a51466b436e2e5390b401ea016f157777fd3c42347a8458b57b3b660660b569c
SSDEEP

3072:15EGQHCzwrCaHHvhtbz0wXtV2eZDEUXni7fo7KSif8xWM33r3k1jTCZM6E5j4oQ:MGWCzwrCW/0AHa8nuo7KSif8xWM33r38

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a626ab12f272b063728e7b4879bac3bb22e6c1e445cf08e88cf3cee637246905
- Size
  
  152KB
- MD5
  
  076d199379562ad5588adcc7294f0450
- SHA1
  
  27347d729b901a4f8efdb384b1b8b0333cdf10cd
- SHA256
  
  a626ab12f272b063728e7b4879bac3bb22e6c1e445cf08e88cf3cee637246905
- SHA512
  
  99fcdd92f6285e5f4684b69cb512c94335dd48973b309b7941a6ecdddd509d73a51466b436e2e5390b401ea016f157777fd3c42347a8458b57b3b660660b569c
- SSDEEP
  
  3072:15EGQHCzwrCaHHvhtbz0wXtV2eZDEUXni7fo7KSif8xWM33r3k1jTCZM6E5j4oQ:MGWCzwrCW/0AHa8nuo7KSif8xWM33r38
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence