26a60290b145ace56ebfe219e3868aa632e00a438fb0328e427f06531f9b5ee2 | Triage

Sharing

General

Target

440e4c9530f309b8d3fa239ca4fb9e58
Size

232KB
Sample

231225-3rbhwsbag2
MD5

440e4c9530f309b8d3fa239ca4fb9e58
SHA1

2ff64f58200eb602d3a8fc7ce1c2d9d6cf2291b6
SHA256

26a60290b145ace56ebfe219e3868aa632e00a438fb0328e427f06531f9b5ee2
SHA512

8c7c55e481a8f031cb910e736ca773b44c81cec6199d54360f373c87706e66495eea65bd148984d05d2a4d5a19f4e278d04a4f0e6d0ec4278695d364aaa1c3e2
SSDEEP

6144:/C3PFKs7STL6eEqxF6snji81RUinKn3Kt+dNF1FE:YPhPDFfE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  440e4c9530f309b8d3fa239ca4fb9e58
- Size
  
  232KB
- MD5
  
  440e4c9530f309b8d3fa239ca4fb9e58
- SHA1
  
  2ff64f58200eb602d3a8fc7ce1c2d9d6cf2291b6
- SHA256
  
  26a60290b145ace56ebfe219e3868aa632e00a438fb0328e427f06531f9b5ee2
- SHA512
  
  8c7c55e481a8f031cb910e736ca773b44c81cec6199d54360f373c87706e66495eea65bd148984d05d2a4d5a19f4e278d04a4f0e6d0ec4278695d364aaa1c3e2
- SSDEEP
  
  6144:/C3PFKs7STL6eEqxF6snji81RUinKn3Kt+dNF1FE:YPhPDFfE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence