087e76b376daea96e28fe0db0385729109eede9e80488f8251d538f1e486a6b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

087e76b376daea96e28fe0db0385729109eede9e80488f8251d538f1e486a6b7
Size

172KB
Sample

221203-x8xjsshd87
MD5

271eb2c75226f4cf0fe1e9168e36a870
SHA1

a58e260c5a91ff97c4f4a22654e838d381f90306
SHA256

087e76b376daea96e28fe0db0385729109eede9e80488f8251d538f1e486a6b7
SHA512

0bed618a5ef0656947c82f6e5b29fa35862878d245c60bd363574a7f17c85ddbd38bd3b410c8b95a63af110bb39344c3ab90615341b1394b04e1661ac48b1f18
SSDEEP

3072:mw7VFEELScUbPcrbsibQmrl8akPZEeEqw:mwB5LuQl8FZuV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  087e76b376daea96e28fe0db0385729109eede9e80488f8251d538f1e486a6b7
- Size
  
  172KB
- MD5
  
  271eb2c75226f4cf0fe1e9168e36a870
- SHA1
  
  a58e260c5a91ff97c4f4a22654e838d381f90306
- SHA256
  
  087e76b376daea96e28fe0db0385729109eede9e80488f8251d538f1e486a6b7
- SHA512
  
  0bed618a5ef0656947c82f6e5b29fa35862878d245c60bd363574a7f17c85ddbd38bd3b410c8b95a63af110bb39344c3ab90615341b1394b04e1661ac48b1f18
- SSDEEP
  
  3072:mw7VFEELScUbPcrbsibQmrl8akPZEeEqw:mwB5LuQl8FZuV
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence