17f36304a35d2c4c0313931bd2f94d7f47cbbe48198f1790964f90685a2eecd1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17f36304a35d2c4c0313931bd2f94d7f47cbbe48198f1790964f90685a2eecd1
Size

144KB
Sample

221207-djrgpsce91
MD5

1c0e8cae103bb58a8f691dc17a45cbe0
SHA1

d178e23d8192f6d447c581a396a6996a32c937fa
SHA256

17f36304a35d2c4c0313931bd2f94d7f47cbbe48198f1790964f90685a2eecd1
SHA512

757363426d0243f3f6d50de61a6fdaf0d6f6f6985fed222dfda91359a959ba35d0cc3a4fc685e003ed28484ef7c2336b73d4ee0e53ac805076461803d424311f
SSDEEP

3072:ziJKN7sCWQjqI5wWKCFhYRB/t+VV5CrmA:uJKN7s2jv5w4FsB+U

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  17f36304a35d2c4c0313931bd2f94d7f47cbbe48198f1790964f90685a2eecd1
- Size
  
  144KB
- MD5
  
  1c0e8cae103bb58a8f691dc17a45cbe0
- SHA1
  
  d178e23d8192f6d447c581a396a6996a32c937fa
- SHA256
  
  17f36304a35d2c4c0313931bd2f94d7f47cbbe48198f1790964f90685a2eecd1
- SHA512
  
  757363426d0243f3f6d50de61a6fdaf0d6f6f6985fed222dfda91359a959ba35d0cc3a4fc685e003ed28484ef7c2336b73d4ee0e53ac805076461803d424311f
- SSDEEP
  
  3072:ziJKN7sCWQjqI5wWKCFhYRB/t+VV5CrmA:uJKN7s2jv5w4FsB+U
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence