f769f019103088c20a1fc3f6c66e65d82c52ec66de51a548df4f2ad12f3a4081 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f769f019103088c20a1fc3f6c66e65d82c52ec66de51a548df4f2ad12f3a4081
Size

176KB
Sample

221203-yyfc7sbf38
MD5

12da361e639179dec0f293fa4d591e61
SHA1

62f3a963fb483b567c7fdb9d9a82ae1ecff1a912
SHA256

f769f019103088c20a1fc3f6c66e65d82c52ec66de51a548df4f2ad12f3a4081
SHA512

71ce8b89ca767c1bc8fec948b9d46fc58b984cdec143b6a3452d0b402617e066500e818f0f022424edb952c028b89204a38505bb05c31844a60510af5dd94f1f
SSDEEP

3072:vButNB57EoiO8S9aCWKnvmb7/D26BXbBD8R4FpjIyc4j+agdLfED0Co0beLzU9Ak:vBcfBQKnvmb7/D26BLBD8R4FpjIyc4jh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f769f019103088c20a1fc3f6c66e65d82c52ec66de51a548df4f2ad12f3a4081
- Size
  
  176KB
- MD5
  
  12da361e639179dec0f293fa4d591e61
- SHA1
  
  62f3a963fb483b567c7fdb9d9a82ae1ecff1a912
- SHA256
  
  f769f019103088c20a1fc3f6c66e65d82c52ec66de51a548df4f2ad12f3a4081
- SHA512
  
  71ce8b89ca767c1bc8fec948b9d46fc58b984cdec143b6a3452d0b402617e066500e818f0f022424edb952c028b89204a38505bb05c31844a60510af5dd94f1f
- SSDEEP
  
  3072:vButNB57EoiO8S9aCWKnvmb7/D26BXbBD8R4FpjIyc4j+agdLfED0Co0beLzU9Ak:vBcfBQKnvmb7/D26BLBD8R4FpjIyc4jh
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence