7442b91d9e692dd7880fd9667df9e097a63e030b2633f38a0071fbdbae69f5e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7442b91d9e692dd7880fd9667df9e097a63e030b2633f38a0071fbdbae69f5e4
Size

268KB
Sample

221205-3r1ssahc52
MD5

77ce38a8e2ec054b4464327ba6adfb6e
SHA1

4baf37e86bed86636ff65a8a71dc90c84bf2a090
SHA256

7442b91d9e692dd7880fd9667df9e097a63e030b2633f38a0071fbdbae69f5e4
SHA512

95cf789732e376cca42cb000640a24dd24a3a81f4d6928d89051e17bab922d3f6c0f5ebe1b626dba6d387a9223262da586323a00ba97c48673249912775a1bbc
SSDEEP

3072:IH0IbGACBCc5nNHf/1rc911SQwjRRQG20KJehxo4EzFTfG1eGqFMIAO:q+IIy910QmR20We7EzlmqZn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7442b91d9e692dd7880fd9667df9e097a63e030b2633f38a0071fbdbae69f5e4
- Size
  
  268KB
- MD5
  
  77ce38a8e2ec054b4464327ba6adfb6e
- SHA1
  
  4baf37e86bed86636ff65a8a71dc90c84bf2a090
- SHA256
  
  7442b91d9e692dd7880fd9667df9e097a63e030b2633f38a0071fbdbae69f5e4
- SHA512
  
  95cf789732e376cca42cb000640a24dd24a3a81f4d6928d89051e17bab922d3f6c0f5ebe1b626dba6d387a9223262da586323a00ba97c48673249912775a1bbc
- SSDEEP
  
  3072:IH0IbGACBCc5nNHf/1rc911SQwjRRQG20KJehxo4EzFTfG1eGqFMIAO:q+IIy910QmR20We7EzlmqZn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence