2c9dbded9d0b41a64c6b1f054c0be4394bff2ea14505c5796af87cc30026bd5b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

039ab9266199d15c3ff3d917a207889c.exe
Size

156KB
Sample

240104-yxxwvsachn
MD5

039ab9266199d15c3ff3d917a207889c
SHA1

37ef8b6767b0469f36a09e2cf90f6982edafd4f0
SHA256

2c9dbded9d0b41a64c6b1f054c0be4394bff2ea14505c5796af87cc30026bd5b
SHA512

013cee04a1646283f2535929a05a0fba0e27aa13744283f30580178d295b854f5ef1149da504ecf200ca902cd975116f5cd555e40d7f07d6c6ed7a1d7a7d7f86
SSDEEP

3072:msT/yOVcx8jeFvB0Z/I8xSFJKxr2CrILFNoit:/KIcvqVuJyr2CMLF+o

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  039ab9266199d15c3ff3d917a207889c.exe
- Size
  
  156KB
- MD5
  
  039ab9266199d15c3ff3d917a207889c
- SHA1
  
  37ef8b6767b0469f36a09e2cf90f6982edafd4f0
- SHA256
  
  2c9dbded9d0b41a64c6b1f054c0be4394bff2ea14505c5796af87cc30026bd5b
- SHA512
  
  013cee04a1646283f2535929a05a0fba0e27aa13744283f30580178d295b854f5ef1149da504ecf200ca902cd975116f5cd555e40d7f07d6c6ed7a1d7a7d7f86
- SSDEEP
  
  3072:msT/yOVcx8jeFvB0Z/I8xSFJKxr2CrILFNoit:/KIcvqVuJyr2CMLF+o
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence