623cdee1ffdb36106eed48299e2e2d3ed66472debcdece6b09d75f3d81fa14ca | Triage

Sharing

General

Target

623cdee1ffdb36106eed48299e2e2d3ed66472debcdece6b09d75f3d81fa14ca
Size

188KB
Sample

221207-dqq5hsaf22
MD5

299db8e4d715285eb182b1623b774b10
SHA1

0542f21aecbb6cd34cd058cd7662e323857e93f6
SHA256

623cdee1ffdb36106eed48299e2e2d3ed66472debcdece6b09d75f3d81fa14ca
SHA512

7f78c2f117dfdb25ddda522fb6738c2097ec05b91381921d7d49d036c4f3046b04935b04b6b32901b8ed6bc1a4c6e2c2b90581be51983618f76803b41b821330
SSDEEP

3072:QKxXAKunUbD4LdWKnvmb7/D26105nFeziUq6fNMUoZEA6YMSiWo7TI5Oa+EhFVjo:QgA9n0xKnvmb7/D261CnFeziUq6fNoZe

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  623cdee1ffdb36106eed48299e2e2d3ed66472debcdece6b09d75f3d81fa14ca
- Size
  
  188KB
- MD5
  
  299db8e4d715285eb182b1623b774b10
- SHA1
  
  0542f21aecbb6cd34cd058cd7662e323857e93f6
- SHA256
  
  623cdee1ffdb36106eed48299e2e2d3ed66472debcdece6b09d75f3d81fa14ca
- SHA512
  
  7f78c2f117dfdb25ddda522fb6738c2097ec05b91381921d7d49d036c4f3046b04935b04b6b32901b8ed6bc1a4c6e2c2b90581be51983618f76803b41b821330
- SSDEEP
  
  3072:QKxXAKunUbD4LdWKnvmb7/D26105nFeziUq6fNMUoZEA6YMSiWo7TI5Oa+EhFVjo:QgA9n0xKnvmb7/D261CnFeziUq6fNoZe
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence