c87f0fa6393d2784e27f8154ccb984a9642f38bd0d071900549c973dcd1b203f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3887364d4e93ac0211c2644e8d93331e
Size

256KB
Sample

231231-q2csgsehek
MD5

3887364d4e93ac0211c2644e8d93331e
SHA1

2c3b1f90fc1473bf6c01badc4a6c77c0c41f9340
SHA256

c87f0fa6393d2784e27f8154ccb984a9642f38bd0d071900549c973dcd1b203f
SHA512

30405fe94a1e67a18ccda6c3800c84e678514e2d2b8d639dd1fe053242d9cb3a5f7a72451862143eb93b7cfd7fb6d20a1723afe677e144236c36f965ce05b118
SSDEEP

3072:E3ZVoeDPlp/nskpCUv5T79fzCC/M7BFsqMabeYiUDoZGi33ygoo:Sf7PlptNvl9fm0UBFsqMabeYiUDogAFJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3887364d4e93ac0211c2644e8d93331e
- Size
  
  256KB
- MD5
  
  3887364d4e93ac0211c2644e8d93331e
- SHA1
  
  2c3b1f90fc1473bf6c01badc4a6c77c0c41f9340
- SHA256
  
  c87f0fa6393d2784e27f8154ccb984a9642f38bd0d071900549c973dcd1b203f
- SHA512
  
  30405fe94a1e67a18ccda6c3800c84e678514e2d2b8d639dd1fe053242d9cb3a5f7a72451862143eb93b7cfd7fb6d20a1723afe677e144236c36f965ce05b118
- SSDEEP
  
  3072:E3ZVoeDPlp/nskpCUv5T79fzCC/M7BFsqMabeYiUDoZGi33ygoo:Sf7PlptNvl9fm0UBFsqMabeYiUDogAFJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence