87f1b597b6c23340a8967b3bcc4c0dbdde01e96a1a6c6da973a724b34f890eec | Triage

Sharing

General

Target

320c0ab0c76b050bb417f4eb6d912f6e
Size

184KB
Sample

231225-wcvvnahhe7
MD5

320c0ab0c76b050bb417f4eb6d912f6e
SHA1

9bfc3c247353c0a3e09474df448e05845ec3fd28
SHA256

87f1b597b6c23340a8967b3bcc4c0dbdde01e96a1a6c6da973a724b34f890eec
SHA512

60835bf4b54a3cad6ee806a32604348dfff8c9bc5e905c37e9e7cd93572939c4eeb2754cf7cba722047033073cca8ecfdb3d555d30564d2ed7f08ec8da4f1687
SSDEEP

3072:w9h1cfl/BTyzcM+Knvmb7/D263i4qMbBQhAK/WOD2r1oX1/hcNcfAUane4RzsUZV:CClpTFzKnvmb7/D26y4qMSyKuOD2r1oy

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  320c0ab0c76b050bb417f4eb6d912f6e
- Size
  
  184KB
- MD5
  
  320c0ab0c76b050bb417f4eb6d912f6e
- SHA1
  
  9bfc3c247353c0a3e09474df448e05845ec3fd28
- SHA256
  
  87f1b597b6c23340a8967b3bcc4c0dbdde01e96a1a6c6da973a724b34f890eec
- SHA512
  
  60835bf4b54a3cad6ee806a32604348dfff8c9bc5e905c37e9e7cd93572939c4eeb2754cf7cba722047033073cca8ecfdb3d555d30564d2ed7f08ec8da4f1687
- SSDEEP
  
  3072:w9h1cfl/BTyzcM+Knvmb7/D263i4qMbBQhAK/WOD2r1oX1/hcNcfAUane4RzsUZV:CClpTFzKnvmb7/D26y4qMSyKuOD2r1oy
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence