4ee3171eb8064ec1650b167c8ae40457535aed173db8093b4ad915c0d268f8bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

60201ddae4870b54e7c57934dc1e65ba
Size

196KB
Sample

231226-kgpzesacfk
MD5

60201ddae4870b54e7c57934dc1e65ba
SHA1

e8a4998756a1a07c90e0889c774f1aa32ee993be
SHA256

4ee3171eb8064ec1650b167c8ae40457535aed173db8093b4ad915c0d268f8bc
SHA512

84a81a76a74ab63780533b9785cc5af2fbe8b8b3373ad1a110770ab99904b79eebebacc7c77d41d23ac7bc2e1b7cafdb5e2a21db92bbb5cacfe15b03791c8c71
SSDEEP

6144:WMA4K16oTJWvfU4+bOl8femcK/fObT/bGimszUf7WqnP:3QAoTMvs4+bOlNK/fObT/bGipE7RP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  60201ddae4870b54e7c57934dc1e65ba
- Size
  
  196KB
- MD5
  
  60201ddae4870b54e7c57934dc1e65ba
- SHA1
  
  e8a4998756a1a07c90e0889c774f1aa32ee993be
- SHA256
  
  4ee3171eb8064ec1650b167c8ae40457535aed173db8093b4ad915c0d268f8bc
- SHA512
  
  84a81a76a74ab63780533b9785cc5af2fbe8b8b3373ad1a110770ab99904b79eebebacc7c77d41d23ac7bc2e1b7cafdb5e2a21db92bbb5cacfe15b03791c8c71
- SSDEEP
  
  6144:WMA4K16oTJWvfU4+bOl8femcK/fObT/bGimszUf7WqnP:3QAoTMvs4+bOlNK/fObT/bGipE7RP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence