a7b1d62487fe32951ea323c697d16c21e91ad09d76149a501e168a410abe4d65 | Triage

Sharing

General

Target

a7b1d62487fe32951ea323c697d16c21e91ad09d76149a501e168a410abe4d65
Size

124KB
Sample

221203-yymghsbf56
MD5

52d197a8f2403b7cd836dc265b72a988
SHA1

3407489236adab68e5e148aa4d3ab3b0c18117be
SHA256

a7b1d62487fe32951ea323c697d16c21e91ad09d76149a501e168a410abe4d65
SHA512

3087cb8caa73499283f6522e4d1597674e01c72a0566ab34de46c4fee4e49df0ffdacd49769a600e8db82120bd8fdde59263eaa95eed49dd724103c3970b6849
SSDEEP

3072:ICMQBK3vXvOG2RdYjH08qdLxilMiyfwAfGxMwE:5M2K3vXWG4mzQLxilMiyfwAfGx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a7b1d62487fe32951ea323c697d16c21e91ad09d76149a501e168a410abe4d65
- Size
  
  124KB
- MD5
  
  52d197a8f2403b7cd836dc265b72a988
- SHA1
  
  3407489236adab68e5e148aa4d3ab3b0c18117be
- SHA256
  
  a7b1d62487fe32951ea323c697d16c21e91ad09d76149a501e168a410abe4d65
- SHA512
  
  3087cb8caa73499283f6522e4d1597674e01c72a0566ab34de46c4fee4e49df0ffdacd49769a600e8db82120bd8fdde59263eaa95eed49dd724103c3970b6849
- SSDEEP
  
  3072:ICMQBK3vXvOG2RdYjH08qdLxilMiyfwAfGxMwE:5M2K3vXWG4mzQLxilMiyfwAfGx
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence