7522f47cfac96c648b34cb5c80a04fe54b58ddf50e606408282b04ee09fc6331 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7522f47cfac96c648b34cb5c80a04fe54b58ddf50e606408282b04ee09fc6331
Size

232KB
Sample

221205-mnyw1sbd59
MD5

a531d4b4e81b8a9461c004cfc403f8f5
SHA1

f2a262cf829273e7d83cc5eec3e44cb47016596d
SHA256

7522f47cfac96c648b34cb5c80a04fe54b58ddf50e606408282b04ee09fc6331
SHA512

9f3b5a8cb22837981e06468712fc2f3000b5fa766be832ba69a2915074401d1ac3e5cf1cf13f8343d35bdd2499ce93222524b2a90bd8eb918293fb47776fa0c2
SSDEEP

3072:spMeBcmmYwN1Smm727IJCkvIwXX4Ph0ApMXyKKl+Hv/91I/2X3lDD:spPBcvYwN1S327Y54Ph0TXQkd18C3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7522f47cfac96c648b34cb5c80a04fe54b58ddf50e606408282b04ee09fc6331
- Size
  
  232KB
- MD5
  
  a531d4b4e81b8a9461c004cfc403f8f5
- SHA1
  
  f2a262cf829273e7d83cc5eec3e44cb47016596d
- SHA256
  
  7522f47cfac96c648b34cb5c80a04fe54b58ddf50e606408282b04ee09fc6331
- SHA512
  
  9f3b5a8cb22837981e06468712fc2f3000b5fa766be832ba69a2915074401d1ac3e5cf1cf13f8343d35bdd2499ce93222524b2a90bd8eb918293fb47776fa0c2
- SSDEEP
  
  3072:spMeBcmmYwN1Smm727IJCkvIwXX4Ph0ApMXyKKl+Hv/91I/2X3lDD:spPBcvYwN1S327Y54Ph0TXQkd18C3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence