7b583b5ae85ac25cb9d6f05587b26904e4389b2f8f5b4710c46acc86b5235ea4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

038679fdd242e6886d6a6bc631f31991
Size

248KB
Sample

231229-zjqq3aadc6
MD5

038679fdd242e6886d6a6bc631f31991
SHA1

8569e82220960fca46817f99992b3f647c313381
SHA256

7b583b5ae85ac25cb9d6f05587b26904e4389b2f8f5b4710c46acc86b5235ea4
SHA512

c158ace187f0ffedd9659462f1a03319ac95fc5ec014e7703bd09d61bded23c794ee5ca67f716f6a27e5fd2d481cc81a55fcd1b26cc8813d05f9034cdbe732b0
SSDEEP

3072:EAYTc3bNEnv9DHkY+38wG/wUnois8Y2ngX+e/M7oM0HYLcjoYBsH2d:EHTayI8wGfoUY2gXo7oX4LcdBs2

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  038679fdd242e6886d6a6bc631f31991
- Size
  
  248KB
- MD5
  
  038679fdd242e6886d6a6bc631f31991
- SHA1
  
  8569e82220960fca46817f99992b3f647c313381
- SHA256
  
  7b583b5ae85ac25cb9d6f05587b26904e4389b2f8f5b4710c46acc86b5235ea4
- SHA512
  
  c158ace187f0ffedd9659462f1a03319ac95fc5ec014e7703bd09d61bded23c794ee5ca67f716f6a27e5fd2d481cc81a55fcd1b26cc8813d05f9034cdbe732b0
- SSDEEP
  
  3072:EAYTc3bNEnv9DHkY+38wG/wUnois8Y2ngX+e/M7oM0HYLcjoYBsH2d:EHTayI8wGfoUY2gXo7oX4LcdBs2
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence