3306634291e1d50e273177fb1c65e3c9d9b76c6d5da33a497c9f93a352e88659 | Triage

Sharing

General

Target

165378b5cfcb952711b917ffdb1ac7a4.exe
Size

260KB
Sample

240103-r6wltsfbcj
MD5

165378b5cfcb952711b917ffdb1ac7a4
SHA1

2e5a0a653141fd44e452e826ce77797cf79ca283
SHA256

3306634291e1d50e273177fb1c65e3c9d9b76c6d5da33a497c9f93a352e88659
SHA512

62ad37e6241dc1ce33936a3536278329d0a0c27985bd2387331f7501a24711077be4e8cc6a45636538879ae8591ac62a9626ff03158a2ae06f1ade93aa3e4365
SSDEEP

6144:sgRlSUhL25VGQllHiU6ZdCFqhVeVHEv++X:sgRgUhL2lHiU6ZdFPeilX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  165378b5cfcb952711b917ffdb1ac7a4.exe
- Size
  
  260KB
- MD5
  
  165378b5cfcb952711b917ffdb1ac7a4
- SHA1
  
  2e5a0a653141fd44e452e826ce77797cf79ca283
- SHA256
  
  3306634291e1d50e273177fb1c65e3c9d9b76c6d5da33a497c9f93a352e88659
- SHA512
  
  62ad37e6241dc1ce33936a3536278329d0a0c27985bd2387331f7501a24711077be4e8cc6a45636538879ae8591ac62a9626ff03158a2ae06f1ade93aa3e4365
- SSDEEP
  
  6144:sgRlSUhL25VGQllHiU6ZdCFqhVeVHEv++X:sgRgUhL2lHiU6ZdFPeilX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence