34d6c7bc33e4d32b84a6e13ab997578d7520539d9fc2f8a9d20d58fcb8ee941f | Triage

Sharing

General

Target

0e2117cba8291420aa5ef854c4d440c1
Size

88KB
Sample

231225-h396dabafl
MD5

0e2117cba8291420aa5ef854c4d440c1
SHA1

96f5ff6decefdf155d6c4d6f76b3c4f98efcb42e
SHA256

34d6c7bc33e4d32b84a6e13ab997578d7520539d9fc2f8a9d20d58fcb8ee941f
SHA512

9ed25b0de0c491a7a9fe18a199a42e826503d9758ace5c110deca3e111d38c04a875ff433c08f893ee335b6ea0701f527bc2950f5a95a7a533aca977195c4f33
SSDEEP

1536:7BuvjHmCqG84caEz0+nCsNAhz74yWzVaAgGV4VE:kjHz84vz74yOsAgG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0e2117cba8291420aa5ef854c4d440c1
- Size
  
  88KB
- MD5
  
  0e2117cba8291420aa5ef854c4d440c1
- SHA1
  
  96f5ff6decefdf155d6c4d6f76b3c4f98efcb42e
- SHA256
  
  34d6c7bc33e4d32b84a6e13ab997578d7520539d9fc2f8a9d20d58fcb8ee941f
- SHA512
  
  9ed25b0de0c491a7a9fe18a199a42e826503d9758ace5c110deca3e111d38c04a875ff433c08f893ee335b6ea0701f527bc2950f5a95a7a533aca977195c4f33
- SSDEEP
  
  1536:7BuvjHmCqG84caEz0+nCsNAhz74yWzVaAgGV4VE:kjHz84vz74yOsAgG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence