715324ad6d2ba7b30fea55066c55a7f95889f302d668ee6aa28e393e7b3f7db8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

715324ad6d2ba7b30fea55066c55a7f95889f302d668ee6aa28e393e7b3f7db8
Size

204KB
Sample

221203-yshalsbb55
MD5

767aeeb2fc1e27f8d38856cc8f2e5002
SHA1

09740730a0b5e4f4d41f1d93fd64596ce7b1749b
SHA256

715324ad6d2ba7b30fea55066c55a7f95889f302d668ee6aa28e393e7b3f7db8
SHA512

8959b962bb56a63ba3812abbb5b333849f5d30f99ad89d56e32838a0e1b7311d948ed23bb0a511dc4b427c20b7d0710024f974bf3ae200d3550034d1b24b4fc8
SSDEEP

3072:2uCA3xUTWor5J20AisM/8jp6tdlWbRVslWQifgO4F0klDd:2YUTWqJ3RsM/8E/IbRuLifI0kr

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  715324ad6d2ba7b30fea55066c55a7f95889f302d668ee6aa28e393e7b3f7db8
- Size
  
  204KB
- MD5
  
  767aeeb2fc1e27f8d38856cc8f2e5002
- SHA1
  
  09740730a0b5e4f4d41f1d93fd64596ce7b1749b
- SHA256
  
  715324ad6d2ba7b30fea55066c55a7f95889f302d668ee6aa28e393e7b3f7db8
- SHA512
  
  8959b962bb56a63ba3812abbb5b333849f5d30f99ad89d56e32838a0e1b7311d948ed23bb0a511dc4b427c20b7d0710024f974bf3ae200d3550034d1b24b4fc8
- SSDEEP
  
  3072:2uCA3xUTWor5J20AisM/8jp6tdlWbRVslWQifgO4F0klDd:2YUTWqJ3RsM/8E/IbRuLifI0kr
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence