ace9b3c59c29dc16cad3a7c62ee5315bd7f2cc6a20bb512846649bf6fe8bfa97 | Triage

Sharing

General

Target

030372cf501ce4b666bd911751c5e691
Size

180KB
Sample

231229-y6xx8aegh9
MD5

030372cf501ce4b666bd911751c5e691
SHA1

77c0b2711f082160e6a3fcb0e8817a2f87b60825
SHA256

ace9b3c59c29dc16cad3a7c62ee5315bd7f2cc6a20bb512846649bf6fe8bfa97
SHA512

4d1f8dd342d9b0f77119b23a5b466a040f211f2693d77d45d2b403ea629f486abbd43053532106816cb8185a208c4e4136e31943b6a9013fd07ff6a2b42dff50
SSDEEP

3072:T/iu7ehhNrWlAIJqPYNbihKovbAM4VkRvjCKuz3EwBT3edZlSL6aOuTOunpE7bVT:L5uhNrWlAIJqPYNbihRzrNvjITEeedZL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  030372cf501ce4b666bd911751c5e691
- Size
  
  180KB
- MD5
  
  030372cf501ce4b666bd911751c5e691
- SHA1
  
  77c0b2711f082160e6a3fcb0e8817a2f87b60825
- SHA256
  
  ace9b3c59c29dc16cad3a7c62ee5315bd7f2cc6a20bb512846649bf6fe8bfa97
- SHA512
  
  4d1f8dd342d9b0f77119b23a5b466a040f211f2693d77d45d2b403ea629f486abbd43053532106816cb8185a208c4e4136e31943b6a9013fd07ff6a2b42dff50
- SSDEEP
  
  3072:T/iu7ehhNrWlAIJqPYNbihKovbAM4VkRvjCKuz3EwBT3edZlSL6aOuTOunpE7bVT:L5uhNrWlAIJqPYNbihRzrNvjITEeedZL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence