713be8e8c592874de0c4db0f74ab7da5c21b5be79679e86bdcb6f075131683b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

713be8e8c592874de0c4db0f74ab7da5c21b5be79679e86bdcb6f075131683b7
Size

96KB
Sample

221205-28xxsaae71
MD5

f644a746751989d8a725ac452743abc0
SHA1

c6f20a920d4638e44ac518748dc1a28d58193c2d
SHA256

713be8e8c592874de0c4db0f74ab7da5c21b5be79679e86bdcb6f075131683b7
SHA512

f82909b5a22388643aa493ea6cae328df7c44ff92bd11ff349b7c0776b4825a3d9f733f7b4740519e62a2243f3d93f4746b6d04de11133fd12a0a79470c2c258
SSDEEP

1536:Y3zjtOULMD/2BzqBRpHf8ZyuBs+/PFdI8kIi/e+:UzjtOrD/2B2d8ZyuR7rZ+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  713be8e8c592874de0c4db0f74ab7da5c21b5be79679e86bdcb6f075131683b7
- Size
  
  96KB
- MD5
  
  f644a746751989d8a725ac452743abc0
- SHA1
  
  c6f20a920d4638e44ac518748dc1a28d58193c2d
- SHA256
  
  713be8e8c592874de0c4db0f74ab7da5c21b5be79679e86bdcb6f075131683b7
- SHA512
  
  f82909b5a22388643aa493ea6cae328df7c44ff92bd11ff349b7c0776b4825a3d9f733f7b4740519e62a2243f3d93f4746b6d04de11133fd12a0a79470c2c258
- SSDEEP
  
  1536:Y3zjtOULMD/2BzqBRpHf8ZyuBs+/PFdI8kIi/e+:UzjtOrD/2B2d8ZyuR7rZ+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence