56c595e6720eec4a4e33555f1b9afc592b598e13431eae78244da2efd56325f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4086d252c6f4d826b13183cf35884794
Size

116KB
Sample

240104-lqreaadacq
MD5

4086d252c6f4d826b13183cf35884794
SHA1

5943564c602a412ca2bf0bb4aea1235c164baa55
SHA256

56c595e6720eec4a4e33555f1b9afc592b598e13431eae78244da2efd56325f1
SHA512

0e47b019370a093e4f32bf324becf757de3d154734513d710f5ee2a2c43f4c98727b36fc733c9560271af02377a82b46f342c8d4a6140b68d0651fc63be2b2d1
SSDEEP

1536:dsJghTRdSkOjs8koyAFx57YjHzZ5oFD7jkt5ycQg:aCXovjMLdjHzbotjyLX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4086d252c6f4d826b13183cf35884794
- Size
  
  116KB
- MD5
  
  4086d252c6f4d826b13183cf35884794
- SHA1
  
  5943564c602a412ca2bf0bb4aea1235c164baa55
- SHA256
  
  56c595e6720eec4a4e33555f1b9afc592b598e13431eae78244da2efd56325f1
- SHA512
  
  0e47b019370a093e4f32bf324becf757de3d154734513d710f5ee2a2c43f4c98727b36fc733c9560271af02377a82b46f342c8d4a6140b68d0651fc63be2b2d1
- SSDEEP
  
  1536:dsJghTRdSkOjs8koyAFx57YjHzZ5oFD7jkt5ycQg:aCXovjMLdjHzbotjyLX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence