0eb673f0b537e7e9c7afeee664b738a4027f8ec0d3a3040ada40725529f5c62d | Triage

Sharing

General

Target

f2b581bd01b5c6df772737c6399fec02.exe
Size

256KB
Sample

240109-wvhytagdb2
MD5

f2b581bd01b5c6df772737c6399fec02
SHA1

a9dd8e0b7a35b9eb79eac5960e7a1b170c9387f9
SHA256

0eb673f0b537e7e9c7afeee664b738a4027f8ec0d3a3040ada40725529f5c62d
SHA512

e1d4ab0ba3778e25d540f0093e96e536914a9dd60102c6e775b666e26d2358838ac6cdb4531d6a944ff2ea3b816486c5464af7e761ed6d5057d6b4617fe3b3f2
SSDEEP

6144:WBawbQXn2J5V2aWOKojDOgbTnNkyjZjjO:WAwbQWoOKojDOgbTNku

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f2b581bd01b5c6df772737c6399fec02.exe
- Size
  
  256KB
- MD5
  
  f2b581bd01b5c6df772737c6399fec02
- SHA1
  
  a9dd8e0b7a35b9eb79eac5960e7a1b170c9387f9
- SHA256
  
  0eb673f0b537e7e9c7afeee664b738a4027f8ec0d3a3040ada40725529f5c62d
- SHA512
  
  e1d4ab0ba3778e25d540f0093e96e536914a9dd60102c6e775b666e26d2358838ac6cdb4531d6a944ff2ea3b816486c5464af7e761ed6d5057d6b4617fe3b3f2
- SSDEEP
  
  6144:WBawbQXn2J5V2aWOKojDOgbTnNkyjZjjO:WAwbQWoOKojDOgbTNku
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence