cb93ec8a8c66c0b6297ebdc2c237b29b109b3aefbe21656999ea74eff124b0be | Triage

Sharing

Copy URL Twitter E-mail

General

Target

51b97a98b2394e66650577477ce63156
Size

196KB
Sample

240110-1vl3pahahj
MD5

51b97a98b2394e66650577477ce63156
SHA1

aa3914c4e50f03ea29f6b72c5820515271a6f634
SHA256

cb93ec8a8c66c0b6297ebdc2c237b29b109b3aefbe21656999ea74eff124b0be
SHA512

a165b039fef9e207ebf17f16ecb6ebe22f1e7c2ac3bb662a3a47c3c47367e247df778712c404e983df10923b9a1ddcb13930546153a559c0de731ba61a8d709a
SSDEEP

3072:Jg0vVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:JrvVnPybzV8Oio0ctLTt08doLRO8qeg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  51b97a98b2394e66650577477ce63156
- Size
  
  196KB
- MD5
  
  51b97a98b2394e66650577477ce63156
- SHA1
  
  aa3914c4e50f03ea29f6b72c5820515271a6f634
- SHA256
  
  cb93ec8a8c66c0b6297ebdc2c237b29b109b3aefbe21656999ea74eff124b0be
- SHA512
  
  a165b039fef9e207ebf17f16ecb6ebe22f1e7c2ac3bb662a3a47c3c47367e247df778712c404e983df10923b9a1ddcb13930546153a559c0de731ba61a8d709a
- SSDEEP
  
  3072:Jg0vVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:JrvVnPybzV8Oio0ctLTt08doLRO8qeg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence