1736f10feb9cf03441051c0dd054a5b3c183de41ff8436b5e61c4b33a9a730bf | Triage

Sharing

General

Target

1736f10feb9cf03441051c0dd054a5b3c183de41ff8436b5e61c4b33a9a730bf
Size

272KB
Sample

221207-dbhjtsbh3v
MD5

31259c88b556402febd983099b2ece76
SHA1

2c67a87dc2da94eb430838562729f68fcaf110ed
SHA256

1736f10feb9cf03441051c0dd054a5b3c183de41ff8436b5e61c4b33a9a730bf
SHA512

71db7ee746516c98e3819a88ec1d7cd8f08b18dd638a7dfb473404f110d5d83028c9d61468fb6903e3c6b418be023e513076a65a132e748942adbc7e960a78c8
SSDEEP

3072:Z4I9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3ff:2VvbfznH7O9G/PLLxU3YwgT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1736f10feb9cf03441051c0dd054a5b3c183de41ff8436b5e61c4b33a9a730bf
- Size
  
  272KB
- MD5
  
  31259c88b556402febd983099b2ece76
- SHA1
  
  2c67a87dc2da94eb430838562729f68fcaf110ed
- SHA256
  
  1736f10feb9cf03441051c0dd054a5b3c183de41ff8436b5e61c4b33a9a730bf
- SHA512
  
  71db7ee746516c98e3819a88ec1d7cd8f08b18dd638a7dfb473404f110d5d83028c9d61468fb6903e3c6b418be023e513076a65a132e748942adbc7e960a78c8
- SSDEEP
  
  3072:Z4I9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3ff:2VvbfznH7O9G/PLLxU3YwgT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence