25fee910acca2b28edb722ceb539ef9c8bd7b398e0a1c003b6bf4bafddc4807b | Triage

Sharing

General

Target

4a1b4820ed87b4b9a575fd939d81b0c9
Size

204KB
Sample

240107-3xpmpsgfbq
MD5

4a1b4820ed87b4b9a575fd939d81b0c9
SHA1

b788e8c76979c93f16e3f2161ea810e293585b79
SHA256

25fee910acca2b28edb722ceb539ef9c8bd7b398e0a1c003b6bf4bafddc4807b
SHA512

47e6c8a74e19cad92841b5c7f293a8492135c28283f260872dbd6a5e508dbdeaf4346e1446d2e3e53dd37a36d822d5ca160dcfd3b3aa85165aa6aac90c0f4ecd
SSDEEP

3072:pmRb9GffGv4rPIQJcaitfdE1PYAuUBcK1eIG:342PIKc39diPPcK1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4a1b4820ed87b4b9a575fd939d81b0c9
- Size
  
  204KB
- MD5
  
  4a1b4820ed87b4b9a575fd939d81b0c9
- SHA1
  
  b788e8c76979c93f16e3f2161ea810e293585b79
- SHA256
  
  25fee910acca2b28edb722ceb539ef9c8bd7b398e0a1c003b6bf4bafddc4807b
- SHA512
  
  47e6c8a74e19cad92841b5c7f293a8492135c28283f260872dbd6a5e508dbdeaf4346e1446d2e3e53dd37a36d822d5ca160dcfd3b3aa85165aa6aac90c0f4ecd
- SSDEEP
  
  3072:pmRb9GffGv4rPIQJcaitfdE1PYAuUBcK1eIG:342PIKc39diPPcK1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence