b7bedf40d795009ecf9980310ed2b1129aabf3a9b6dd7d5677e5c78d569fe62e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7bedf40d795009ecf9980310ed2b1129aabf3a9b6dd7d5677e5c78d569fe62e
Size

88KB
Sample

221205-k58fnseb83
MD5

3578f8f75e7b11db88b950011721a42d
SHA1

23f2ecd283a897647122b597e65c0db1cc829b2e
SHA256

b7bedf40d795009ecf9980310ed2b1129aabf3a9b6dd7d5677e5c78d569fe62e
SHA512

1c4bd83ecb990228096572039c8a074c4eeabbece388b50b3029a3f617e83cf3ce3baf967026ad8f72a723577c416bd169826b756c7af068cda4eebbbe9a223b
SSDEEP

768:Gcb6o5izpnURLQ/JD60XDeVtA5YxmHwWW2iYf/ce2NZQcyAbdg5CIBT/DCwaTDNK:GmiFIQ/JDHKa5LJW6/Z2NZQ1vDmNmoGj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b7bedf40d795009ecf9980310ed2b1129aabf3a9b6dd7d5677e5c78d569fe62e
- Size
  
  88KB
- MD5
  
  3578f8f75e7b11db88b950011721a42d
- SHA1
  
  23f2ecd283a897647122b597e65c0db1cc829b2e
- SHA256
  
  b7bedf40d795009ecf9980310ed2b1129aabf3a9b6dd7d5677e5c78d569fe62e
- SHA512
  
  1c4bd83ecb990228096572039c8a074c4eeabbece388b50b3029a3f617e83cf3ce3baf967026ad8f72a723577c416bd169826b756c7af068cda4eebbbe9a223b
- SSDEEP
  
  768:Gcb6o5izpnURLQ/JD60XDeVtA5YxmHwWW2iYf/ce2NZQcyAbdg5CIBT/DCwaTDNK:GmiFIQ/JDHKa5LJW6/Z2NZQ1vDmNmoGj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence