e59e1c288a445ddde1bd826470bd262b5d351ba83ea9d82ad8329157e3fcc37e | Triage

Sharing

General

Target

0df9635533f46079ded4e2f41aa75180
Size

552KB
Sample

231224-ybat7sebd7
MD5

0df9635533f46079ded4e2f41aa75180
SHA1

e84dc00c265fd2596160d92db35afcabb9fd721c
SHA256

e59e1c288a445ddde1bd826470bd262b5d351ba83ea9d82ad8329157e3fcc37e
SHA512

eb4d28951fd98cd4713461beddd1ab1a44e2abefb11a29deea2d1977fbdaabc4b1b1a6b5d1bd5091a37d1ec8002f331797d348ea19a6594097f599bc08dd2f67
SSDEEP

12288:tPHFsiMMnMMMMMG7ydZOtY+KVb4zgR3Qt3Q3CX1LA6T:tNsiMMnMMMMMG7EZ2Y1Vb4zr4g1VT

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  0df9635533f46079ded4e2f41aa75180
- Size
  
  552KB
- MD5
  
  0df9635533f46079ded4e2f41aa75180
- SHA1
  
  e84dc00c265fd2596160d92db35afcabb9fd721c
- SHA256
  
  e59e1c288a445ddde1bd826470bd262b5d351ba83ea9d82ad8329157e3fcc37e
- SHA512
  
  eb4d28951fd98cd4713461beddd1ab1a44e2abefb11a29deea2d1977fbdaabc4b1b1a6b5d1bd5091a37d1ec8002f331797d348ea19a6594097f599bc08dd2f67
- SSDEEP
  
  12288:tPHFsiMMnMMMMMG7ydZOtY+KVb4zgR3Qt3Q3CX1LA6T:tNsiMMnMMMMMG7EZ2Y1Vb4zr4g1VT
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence