5a7f53732fb4211f7e8b71b4bbdc23f1c77b4aa1b6451470b371501b6c4fe093 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47005b670d9a1afa3237a67c2be1fa34
Size

272KB
Sample

240106-x4d7naffc5
MD5

47005b670d9a1afa3237a67c2be1fa34
SHA1

5da12cb8eff6664df124a6445261b79ceb3a6067
SHA256

5a7f53732fb4211f7e8b71b4bbdc23f1c77b4aa1b6451470b371501b6c4fe093
SHA512

11c2e6d775335faba737b5b4f3605a47ba6d4af19c5f728217ac5f016c86a81db6fbd573b5ff2361cda987c4e14b6d30876af6044ee3b6d3bf7ef2f19933f070
SSDEEP

3072:K4U9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3Gfv:vRvbfznH7O9G/PLLxU3YwgTc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  47005b670d9a1afa3237a67c2be1fa34
- Size
  
  272KB
- MD5
  
  47005b670d9a1afa3237a67c2be1fa34
- SHA1
  
  5da12cb8eff6664df124a6445261b79ceb3a6067
- SHA256
  
  5a7f53732fb4211f7e8b71b4bbdc23f1c77b4aa1b6451470b371501b6c4fe093
- SHA512
  
  11c2e6d775335faba737b5b4f3605a47ba6d4af19c5f728217ac5f016c86a81db6fbd573b5ff2361cda987c4e14b6d30876af6044ee3b6d3bf7ef2f19933f070
- SSDEEP
  
  3072:K4U9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3Gfv:vRvbfznH7O9G/PLLxU3YwgTc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence