78e6fd4cb4e3c394486b383721115cb65368e6e4065a3e503a0e447c8b63b0b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78e6fd4cb4e3c394486b383721115cb65368e6e4065a3e503a0e447c8b63b0b5
Size

124KB
Sample

221204-jagtsscf2s
MD5

13189e912bba47fec4a40b018ceae910
SHA1

aea5250c4bbd600ce0842c41fe538b20b376b1b9
SHA256

78e6fd4cb4e3c394486b383721115cb65368e6e4065a3e503a0e447c8b63b0b5
SHA512

55dbdb463643dcf496fc16f0c80e88b6c8a2d6227db32c6c56aeb63987247fdddd18144590840adfcac9889f2a6b8d8d34a3610c6c22cf80f2478d1be8e37229
SSDEEP

1536:XrbjEFQ/67NxkiQixA+alh98r8Y9USv1jyPwo7JaS1:bbjEFQ/67gjH8ri8iwQL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  78e6fd4cb4e3c394486b383721115cb65368e6e4065a3e503a0e447c8b63b0b5
- Size
  
  124KB
- MD5
  
  13189e912bba47fec4a40b018ceae910
- SHA1
  
  aea5250c4bbd600ce0842c41fe538b20b376b1b9
- SHA256
  
  78e6fd4cb4e3c394486b383721115cb65368e6e4065a3e503a0e447c8b63b0b5
- SHA512
  
  55dbdb463643dcf496fc16f0c80e88b6c8a2d6227db32c6c56aeb63987247fdddd18144590840adfcac9889f2a6b8d8d34a3610c6c22cf80f2478d1be8e37229
- SSDEEP
  
  1536:XrbjEFQ/67NxkiQixA+alh98r8Y9USv1jyPwo7JaS1:bbjEFQ/67gjH8ri8iwQL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence