d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2 | Triage

Sharing

General

Target

d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2
Size

128KB
Sample

221205-k9rzgsad91
MD5

cd4e753034a975044e480b8428d30687
SHA1

726a772f4cec923d28c920c161cea0d223adcf43
SHA256

d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2
SHA512

dffdc6c276a443e4b170d2e21ddcfe4c67c5eec6a8e9bc6dff35bb9c2f6605fe3678d71701de33aa5590612d9142d19398600a15287f034b39d02634e8df9629
SSDEEP

3072:eDyjSDvi4wwDCXcsTlyrGn8Dq7E0zQL16Yirqn5zd32C:ktwwDMpErGnWq7E0zQL3i2n5zd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2
- Size
  
  128KB
- MD5
  
  cd4e753034a975044e480b8428d30687
- SHA1
  
  726a772f4cec923d28c920c161cea0d223adcf43
- SHA256
  
  d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2
- SHA512
  
  dffdc6c276a443e4b170d2e21ddcfe4c67c5eec6a8e9bc6dff35bb9c2f6605fe3678d71701de33aa5590612d9142d19398600a15287f034b39d02634e8df9629
- SSDEEP
  
  3072:eDyjSDvi4wwDCXcsTlyrGn8Dq7E0zQL16Yirqn5zd32C:ktwwDMpErGnWq7E0zQL3i2n5zd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence