73e1ee879e5839f509e34531ca5972744bad5f24e7738f4bd15bdb6c02ccb93c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73e1ee879e5839f509e34531ca5972744bad5f24e7738f4bd15bdb6c02ccb93c
Size

252KB
Sample

221205-mk5kdsba97
MD5

b2229032d7b335533a9dd254c9d29c6f
SHA1

1b71ab8a14291e67e1a424c633d2957a524bf8a4
SHA256

73e1ee879e5839f509e34531ca5972744bad5f24e7738f4bd15bdb6c02ccb93c
SHA512

51cb72b36e16b89de42cbfa6bc8ef666036dbd49a7bffa8837ba0b4aae63e9915b6a0f6c187c53e09c716f94795588255cef7d922a557f001793e319ac775b9c
SSDEEP

6144:0d0EJxRpLPGO/7YBNPVlVRgoEA9Qx2fKHEZXrUEQOy7:cFVjwPVlVRgoEA9Qx2fKHEZXrbG7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  73e1ee879e5839f509e34531ca5972744bad5f24e7738f4bd15bdb6c02ccb93c
- Size
  
  252KB
- MD5
  
  b2229032d7b335533a9dd254c9d29c6f
- SHA1
  
  1b71ab8a14291e67e1a424c633d2957a524bf8a4
- SHA256
  
  73e1ee879e5839f509e34531ca5972744bad5f24e7738f4bd15bdb6c02ccb93c
- SHA512
  
  51cb72b36e16b89de42cbfa6bc8ef666036dbd49a7bffa8837ba0b4aae63e9915b6a0f6c187c53e09c716f94795588255cef7d922a557f001793e319ac775b9c
- SSDEEP
  
  6144:0d0EJxRpLPGO/7YBNPVlVRgoEA9Qx2fKHEZXrUEQOy7:cFVjwPVlVRgoEA9Qx2fKHEZXrbG7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence