5b2b835bd1cdc8e7b24586aa9aa08f4c155489b94e8b1a9f9d7afbbe658f084a | Triage

Sharing

General

Target

2d7d4eea1a6bbe40510f06cacd935309
Size

104KB
Sample

231225-t2n3asheh9
MD5

2d7d4eea1a6bbe40510f06cacd935309
SHA1

5963f0abe645080d81d94f1da0f8e3fe9f0a0b2b
SHA256

5b2b835bd1cdc8e7b24586aa9aa08f4c155489b94e8b1a9f9d7afbbe658f084a
SHA512

9dad3b6c5bf9b77049b5c0d6b93e9e5e1be5753b30a8004c7a4cace726c2dd4071b2de665090c24b252b523a72e943b7875273698ee582129f0e68742d22649b
SSDEEP

1536:5LDL/lgjJ8it6ycDEJfNOPcDGwmgRouYmvqwMewT/0Xu+b5krXNIjnZhN:5Ni4yccm/3iu+b+CnTN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2d7d4eea1a6bbe40510f06cacd935309
- Size
  
  104KB
- MD5
  
  2d7d4eea1a6bbe40510f06cacd935309
- SHA1
  
  5963f0abe645080d81d94f1da0f8e3fe9f0a0b2b
- SHA256
  
  5b2b835bd1cdc8e7b24586aa9aa08f4c155489b94e8b1a9f9d7afbbe658f084a
- SHA512
  
  9dad3b6c5bf9b77049b5c0d6b93e9e5e1be5753b30a8004c7a4cace726c2dd4071b2de665090c24b252b523a72e943b7875273698ee582129f0e68742d22649b
- SSDEEP
  
  1536:5LDL/lgjJ8it6ycDEJfNOPcDGwmgRouYmvqwMewT/0Xu+b5krXNIjnZhN:5Ni4yccm/3iu+b+CnTN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence