c2592acb851fb58ab1c2f83724a6ac2b60a29f8fedae534c0333c3398a81c121 | Triage

Sharing

General

Target

29513bed6db59a07a26ade26934ae762
Size

92KB
Sample

231231-fre5rahhdp
MD5

29513bed6db59a07a26ade26934ae762
SHA1

c900f89db8f8fa47d3623f71b9c7feedd9032e94
SHA256

c2592acb851fb58ab1c2f83724a6ac2b60a29f8fedae534c0333c3398a81c121
SHA512

0ef620390b0fda6b590891df232c50bdb68b1ace9b0c611dda19ee102ac5cc9b6bb6a14f5e634b030a3d94c41a1334163ac95b46aab3b49f0bfe1f91227208bc
SSDEEP

1536:b6FrWmJJFy5jOJPGwMdKhwjzgnv/dvyvJvSvbvfvLMPHpOta:+FZJJFoauIMPA0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  29513bed6db59a07a26ade26934ae762
- Size
  
  92KB
- MD5
  
  29513bed6db59a07a26ade26934ae762
- SHA1
  
  c900f89db8f8fa47d3623f71b9c7feedd9032e94
- SHA256
  
  c2592acb851fb58ab1c2f83724a6ac2b60a29f8fedae534c0333c3398a81c121
- SHA512
  
  0ef620390b0fda6b590891df232c50bdb68b1ace9b0c611dda19ee102ac5cc9b6bb6a14f5e634b030a3d94c41a1334163ac95b46aab3b49f0bfe1f91227208bc
- SSDEEP
  
  1536:b6FrWmJJFy5jOJPGwMdKhwjzgnv/dvyvJvSvbvfvLMPHpOta:+FZJJFoauIMPA0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence