00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a | Triage

Sharing

General

Target

00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a
Size

152KB
Sample

230314-b95qxach23
MD5

d041c6e0156b87978a54ab6a49f66593
SHA1

0a6d717d33329bbc794ac3d608d197e276654228
SHA256

00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a
SHA512

44544d301be9e15363e626a75898a955a2bfab7d001703631232a7d28d11cbec2f57b7ceb94c1400092a00e874864f4be52ce218dbba000275b4fcf9cde82df2
SSDEEP

3072:H3sVvl3Po5+tTjFqV+t3DRGCKBiAKN4oQZiEx0:SQ5+t8+NDR5AWWs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a
- Size
  
  152KB
- MD5
  
  d041c6e0156b87978a54ab6a49f66593
- SHA1
  
  0a6d717d33329bbc794ac3d608d197e276654228
- SHA256
  
  00000078afd5c2441b0a4ca628c1b7bcc961a68f2b779d281af6d2af405b5f1a
- SHA512
  
  44544d301be9e15363e626a75898a955a2bfab7d001703631232a7d28d11cbec2f57b7ceb94c1400092a00e874864f4be52ce218dbba000275b4fcf9cde82df2
- SSDEEP
  
  3072:H3sVvl3Po5+tTjFqV+t3DRGCKBiAKN4oQZiEx0:SQ5+t8+NDR5AWWs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence