963dd2544a0c062d1e0d30bc9765cf1d17d544bdfef2df6d261d6a4ab4f3b13b | Triage

Sharing

General

Target

963dd2544a0c062d1e0d30bc9765cf1d17d544bdfef2df6d261d6a4ab4f3b13b
Size

132KB
Sample

221205-3tey4acb8s
MD5

09fea76e38906828858086485e8fe1ba
SHA1

c2e8fbcb86b76b3796ad46571d80a76bca646cef
SHA256

963dd2544a0c062d1e0d30bc9765cf1d17d544bdfef2df6d261d6a4ab4f3b13b
SHA512

7ac83945c855820cc09d582e2f39c4e6f55ede5e6dd7b7405e018d1c25dcb401c10bdf9cceb68fa96a62dfe4590ad832b41ee41f9faf4101d3c77824410673c0
SSDEEP

1536:GMkK2d/4inMnzzMcVVnEGKbfSG7Gtg3sZnF0+VKk:nk3/nMnz4cVVnEGi53aF0+Mk

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  963dd2544a0c062d1e0d30bc9765cf1d17d544bdfef2df6d261d6a4ab4f3b13b
- Size
  
  132KB
- MD5
  
  09fea76e38906828858086485e8fe1ba
- SHA1
  
  c2e8fbcb86b76b3796ad46571d80a76bca646cef
- SHA256
  
  963dd2544a0c062d1e0d30bc9765cf1d17d544bdfef2df6d261d6a4ab4f3b13b
- SHA512
  
  7ac83945c855820cc09d582e2f39c4e6f55ede5e6dd7b7405e018d1c25dcb401c10bdf9cceb68fa96a62dfe4590ad832b41ee41f9faf4101d3c77824410673c0
- SSDEEP
  
  1536:GMkK2d/4inMnzzMcVVnEGKbfSG7Gtg3sZnF0+VKk:nk3/nMnz4cVVnEGi53aF0+Mk
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence