4a1c8a08bb613a0211b77402f65cdc3f2c16c1d321b44c0eb0ed845bdf6b6b26 | Triage

Sharing

General

Target

0ab2a5662118c54ed31488b920aa3078
Size

152KB
Sample

231230-b9x13aghh3
MD5

0ab2a5662118c54ed31488b920aa3078
SHA1

ad41e7ab3031ae88dacb28d05ea9c07614c56725
SHA256

4a1c8a08bb613a0211b77402f65cdc3f2c16c1d321b44c0eb0ed845bdf6b6b26
SHA512

0c071c3c4204752b2ea1585db6c0b82f742d451d0860119869959499b12c7db5cf7bf8246649d655cfdb9d4a2236b9d29ab1bbb27034da875bca3a524206dd19
SSDEEP

3072:LMGNPYYh0ZV+7DxNUbaxIcz93bOButK+Hog:0+7DxVh3bHYg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0ab2a5662118c54ed31488b920aa3078
- Size
  
  152KB
- MD5
  
  0ab2a5662118c54ed31488b920aa3078
- SHA1
  
  ad41e7ab3031ae88dacb28d05ea9c07614c56725
- SHA256
  
  4a1c8a08bb613a0211b77402f65cdc3f2c16c1d321b44c0eb0ed845bdf6b6b26
- SHA512
  
  0c071c3c4204752b2ea1585db6c0b82f742d451d0860119869959499b12c7db5cf7bf8246649d655cfdb9d4a2236b9d29ab1bbb27034da875bca3a524206dd19
- SSDEEP
  
  3072:LMGNPYYh0ZV+7DxNUbaxIcz93bOButK+Hog:0+7DxVh3bHYg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence