04a11507dada37ef732741cba579ba6fbd9d6a2d4ef57f9fc1e333aab23be30b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

203956ecc0d6b1987155bed7945f377d
Size

128KB
Sample

231225-p61vfaghb5
MD5

203956ecc0d6b1987155bed7945f377d
SHA1

5dd9ad4f875a8e63eb6a620efb25afc4f2198e18
SHA256

04a11507dada37ef732741cba579ba6fbd9d6a2d4ef57f9fc1e333aab23be30b
SHA512

ea3c48ab4fffa2f88939258ca1cdc019c82936e7f62405855bbb206dd70bd16b15424322c94338869b795b78d1977e88702308eb2abe78942166ff14bb705c06
SSDEEP

3072:eDyjSDvi4wdCXcsTlyrGn8Dq7E0zQL16Yirqn5zd3Zh3:ktwdMpErGnWq7E0zQL3i2n5zdf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  203956ecc0d6b1987155bed7945f377d
- Size
  
  128KB
- MD5
  
  203956ecc0d6b1987155bed7945f377d
- SHA1
  
  5dd9ad4f875a8e63eb6a620efb25afc4f2198e18
- SHA256
  
  04a11507dada37ef732741cba579ba6fbd9d6a2d4ef57f9fc1e333aab23be30b
- SHA512
  
  ea3c48ab4fffa2f88939258ca1cdc019c82936e7f62405855bbb206dd70bd16b15424322c94338869b795b78d1977e88702308eb2abe78942166ff14bb705c06
- SSDEEP
  
  3072:eDyjSDvi4wdCXcsTlyrGn8Dq7E0zQL16Yirqn5zd3Zh3:ktwdMpErGnWq7E0zQL3i2n5zdf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence