b24549946b2b8f0e39bfd0e904791af731f7ca4a8973eed3bbfb6859856dc02e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b24549946b2b8f0e39bfd0e904791af731f7ca4a8973eed3bbfb6859856dc02e
Size

216KB
Sample

221205-l84sbshh85
MD5

4682ceb4a51a4663c546e1a7293b6d47
SHA1

5179511e0988435069bc119fc340b6020d5df4b4
SHA256

b24549946b2b8f0e39bfd0e904791af731f7ca4a8973eed3bbfb6859856dc02e
SHA512

2fcfdbe9a1995c56ac946f7932b7efd253ae098e17814861b16c29b793cab25b20719c5b67031d2eb26acc215a0a87e025ed0896c599c210c03b0e5387b33bbd
SSDEEP

6144:vTmaZZP5XA+eMIRQwSQ4YH34AAoo070vYN0DQPwkqfS2Qh20K/BG0t7/lG1G8FGk:k/wVY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b24549946b2b8f0e39bfd0e904791af731f7ca4a8973eed3bbfb6859856dc02e
- Size
  
  216KB
- MD5
  
  4682ceb4a51a4663c546e1a7293b6d47
- SHA1
  
  5179511e0988435069bc119fc340b6020d5df4b4
- SHA256
  
  b24549946b2b8f0e39bfd0e904791af731f7ca4a8973eed3bbfb6859856dc02e
- SHA512
  
  2fcfdbe9a1995c56ac946f7932b7efd253ae098e17814861b16c29b793cab25b20719c5b67031d2eb26acc215a0a87e025ed0896c599c210c03b0e5387b33bbd
- SSDEEP
  
  6144:vTmaZZP5XA+eMIRQwSQ4YH34AAoo070vYN0DQPwkqfS2Qh20K/BG0t7/lG1G8FGk:k/wVY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence