587dc62fd937a0ebfaf6697093248936ee25a518b12062ae2b3f3f3a93ed3c20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7de57a87780ded46524323376a49b0de
Size

284KB
Sample

231226-vbkgvsefh7
MD5

7de57a87780ded46524323376a49b0de
SHA1

a819239bb26f3b53501ebb483d54deaab6692315
SHA256

587dc62fd937a0ebfaf6697093248936ee25a518b12062ae2b3f3f3a93ed3c20
SHA512

6f34ea03eea3da410e772cd158363b336b50090a3429ba2f6894444dd9df1d8cd5cfd8eeb27046c2b632f8aa203328ebc2741f77545fa4b038f79b5a62a8f4a0
SSDEEP

6144:R+gJidChL5Rjda3P/fis6Do/uP+tFb84ly7aN:YgJidCF5xI3PH96DoWPYb8e

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7de57a87780ded46524323376a49b0de
- Size
  
  284KB
- MD5
  
  7de57a87780ded46524323376a49b0de
- SHA1
  
  a819239bb26f3b53501ebb483d54deaab6692315
- SHA256
  
  587dc62fd937a0ebfaf6697093248936ee25a518b12062ae2b3f3f3a93ed3c20
- SHA512
  
  6f34ea03eea3da410e772cd158363b336b50090a3429ba2f6894444dd9df1d8cd5cfd8eeb27046c2b632f8aa203328ebc2741f77545fa4b038f79b5a62a8f4a0
- SSDEEP
  
  6144:R+gJidChL5Rjda3P/fis6Do/uP+tFb84ly7aN:YgJidCF5xI3PH96DoWPYb8e
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence