85707eb6a562c9cb40f4b2e1d0804b6cddb7cf94a0761201c252301c75ea8585 | Triage

Sharing

General

Target

85707eb6a562c9cb40f4b2e1d0804b6cddb7cf94a0761201c252301c75ea8585
Size

124KB
Sample

221203-wsqkwadb46
MD5

820e65421734301a97d58372e2aefaca
SHA1

c7b8e591cb68786f95b14b0afbe52e351ea2c14b
SHA256

85707eb6a562c9cb40f4b2e1d0804b6cddb7cf94a0761201c252301c75ea8585
SHA512

0448b625997a0797c046b9ae58aca89400e52bfcb88826f8f9e6d0e51358cdc84f22577211dff72d0de367286a986e02346b9924fa17076039132cc8f167dad0
SSDEEP

1536:MOtkjHTQZU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VeRPNeG0h/y:Bkj0ZU0GgAT9QIq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  85707eb6a562c9cb40f4b2e1d0804b6cddb7cf94a0761201c252301c75ea8585
- Size
  
  124KB
- MD5
  
  820e65421734301a97d58372e2aefaca
- SHA1
  
  c7b8e591cb68786f95b14b0afbe52e351ea2c14b
- SHA256
  
  85707eb6a562c9cb40f4b2e1d0804b6cddb7cf94a0761201c252301c75ea8585
- SHA512
  
  0448b625997a0797c046b9ae58aca89400e52bfcb88826f8f9e6d0e51358cdc84f22577211dff72d0de367286a986e02346b9924fa17076039132cc8f167dad0
- SSDEEP
  
  1536:MOtkjHTQZU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VeRPNeG0h/y:Bkj0ZU0GgAT9QIq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence