9af6c395eebbf12a322954ee7806ae5e4f5ecd067a99bf1256a68dee41b9ebf3 | Triage

Sharing

General

Target

1590ed951a7125856ce14b4faa8a4530
Size

420KB
Sample

231230-l91r3ahgb5
MD5

1590ed951a7125856ce14b4faa8a4530
SHA1

3fdfc9722cfafa62d1064a8510e0e0e7809b1b61
SHA256

9af6c395eebbf12a322954ee7806ae5e4f5ecd067a99bf1256a68dee41b9ebf3
SHA512

f6a8a673ebd36d9d3d4a7b1f9f36dd905f1f3edee80fa6b1be3b6a3a2bc91f2e3b3da35ecd552708394a4552aaaea2ccd26d759662c3264f8542cd3c269acd68
SSDEEP

6144:TwWrjqFk7qFoQudlhiP5+6yCtfGiICZFGu:Tfs2QudeYryF7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1590ed951a7125856ce14b4faa8a4530
- Size
  
  420KB
- MD5
  
  1590ed951a7125856ce14b4faa8a4530
- SHA1
  
  3fdfc9722cfafa62d1064a8510e0e0e7809b1b61
- SHA256
  
  9af6c395eebbf12a322954ee7806ae5e4f5ecd067a99bf1256a68dee41b9ebf3
- SHA512
  
  f6a8a673ebd36d9d3d4a7b1f9f36dd905f1f3edee80fa6b1be3b6a3a2bc91f2e3b3da35ecd552708394a4552aaaea2ccd26d759662c3264f8542cd3c269acd68
- SSDEEP
  
  6144:TwWrjqFk7qFoQudlhiP5+6yCtfGiICZFGu:Tfs2QudeYryF7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence