02b282e849ae6fceee2fd788aecff2c4fdacf08ba1a09de0b421f2086f8a65f8 | Triage

Sharing

General

Target

3749239871d1967c508845009be30d03
Size

96KB
Sample

231231-qcynnafdfp
MD5

3749239871d1967c508845009be30d03
SHA1

f1a015f646233b4e1956e904c9d067774df35f1a
SHA256

02b282e849ae6fceee2fd788aecff2c4fdacf08ba1a09de0b421f2086f8a65f8
SHA512

87013e4dcd75eb5b4dc5a854192f7067d7b4da7c1fc704455b6d75a47bcb1dee7cee065e89d8406939d01e0c2d1f5b3fa92f0822f778a64ed2aa477b2c047600
SSDEEP

1536:iohBHef6cOahokGulSc16l6u+NMMl/KlYv1T4hThFNNIjni:9IhRlu88FFNCni

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3749239871d1967c508845009be30d03
- Size
  
  96KB
- MD5
  
  3749239871d1967c508845009be30d03
- SHA1
  
  f1a015f646233b4e1956e904c9d067774df35f1a
- SHA256
  
  02b282e849ae6fceee2fd788aecff2c4fdacf08ba1a09de0b421f2086f8a65f8
- SHA512
  
  87013e4dcd75eb5b4dc5a854192f7067d7b4da7c1fc704455b6d75a47bcb1dee7cee065e89d8406939d01e0c2d1f5b3fa92f0822f778a64ed2aa477b2c047600
- SSDEEP
  
  1536:iohBHef6cOahokGulSc16l6u+NMMl/KlYv1T4hThFNNIjni:9IhRlu88FFNCni
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence