58266aba378ee999d606869ee53f7f2dc48ca66074ff523c36cb7d30a1ccf86c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

089a89d53af9fad687b9c948df166deb
Size

228KB
Sample

231225-gb719sgcfp
MD5

089a89d53af9fad687b9c948df166deb
SHA1

0bb8709d12753f3d9b127c11e30d1cb14bb8a9ff
SHA256

58266aba378ee999d606869ee53f7f2dc48ca66074ff523c36cb7d30a1ccf86c
SHA512

e2f98f42ab39ea6d628f101c2f561ccac5214ecc6d280766efb96ffd1de7ab292f7e5d3e4c96f4cc5f75b21493fdba1f1e793a1174bf404f4799e2dd6e25ccc9
SSDEEP

3072:egCoD0i5UYJVFV5eDQHsuvNA05Vqtto24VmcZMUuXi46qnd44KY06Ax:br3JrLeDQHr+uV0to24VmlUuSvqK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  089a89d53af9fad687b9c948df166deb
- Size
  
  228KB
- MD5
  
  089a89d53af9fad687b9c948df166deb
- SHA1
  
  0bb8709d12753f3d9b127c11e30d1cb14bb8a9ff
- SHA256
  
  58266aba378ee999d606869ee53f7f2dc48ca66074ff523c36cb7d30a1ccf86c
- SHA512
  
  e2f98f42ab39ea6d628f101c2f561ccac5214ecc6d280766efb96ffd1de7ab292f7e5d3e4c96f4cc5f75b21493fdba1f1e793a1174bf404f4799e2dd6e25ccc9
- SSDEEP
  
  3072:egCoD0i5UYJVFV5eDQHsuvNA05Vqtto24VmcZMUuXi46qnd44KY06Ax:br3JrLeDQHr+uV0to24VmlUuSvqK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence