c6164eb23e75fac6ccbf82e4729d6b6b7d04f456e6ed8e2d23abe1acb9583520 | Triage

Sharing

General

Target

0729d893aeb17d01a61877855d52e33c
Size

48KB
Sample

231229-3mm15agfdk
MD5

0729d893aeb17d01a61877855d52e33c
SHA1

37c44c6c8225a71eaf9506f1dddb8c0f2a288b85
SHA256

c6164eb23e75fac6ccbf82e4729d6b6b7d04f456e6ed8e2d23abe1acb9583520
SHA512

1c98736fa5865645ee06c63400c4f8090780f30c887d581066b410cae97519f5735be225e971ce339fca9171a900a9471aed9695bd8174080cd5a9a008376e6b
SSDEEP

768:ljNEhmygYfsdYC7v+6wH9H7MfygXaDMFQXD7e:ljam+EeCX6NNDsQXD7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0729d893aeb17d01a61877855d52e33c
- Size
  
  48KB
- MD5
  
  0729d893aeb17d01a61877855d52e33c
- SHA1
  
  37c44c6c8225a71eaf9506f1dddb8c0f2a288b85
- SHA256
  
  c6164eb23e75fac6ccbf82e4729d6b6b7d04f456e6ed8e2d23abe1acb9583520
- SHA512
  
  1c98736fa5865645ee06c63400c4f8090780f30c887d581066b410cae97519f5735be225e971ce339fca9171a900a9471aed9695bd8174080cd5a9a008376e6b
- SSDEEP
  
  768:ljNEhmygYfsdYC7v+6wH9H7MfygXaDMFQXD7e:ljam+EeCX6NNDsQXD7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence