f5db7aea319521b7e8da109b8f7c33a55ddcaefd8e728501089d387f25d00415 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a091ea2cc8a4d87bbb16e21b0d36d4b
Size

76KB
Sample

240114-cw2yjaadfk
MD5

5a091ea2cc8a4d87bbb16e21b0d36d4b
SHA1

0a4dfa6895579b19e14ee4f2788e4a13f87c9860
SHA256

f5db7aea319521b7e8da109b8f7c33a55ddcaefd8e728501089d387f25d00415
SHA512

18e5da6988164d95d47d90d8d825a0266259ca000a285670d73d54639882aa09036069a9ddf28f5d3bf37fdf17f5668e4cdd72a63bcb3a91bf3949af504111b8
SSDEEP

768:UpP4fR08PWIS0MUe9N5U2b1CY/g/7Gr8Q/apUZlrTVU9yu1uOpaV+:UiMX97P1CgY74lrTVU9yu1uOI+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5a091ea2cc8a4d87bbb16e21b0d36d4b
- Size
  
  76KB
- MD5
  
  5a091ea2cc8a4d87bbb16e21b0d36d4b
- SHA1
  
  0a4dfa6895579b19e14ee4f2788e4a13f87c9860
- SHA256
  
  f5db7aea319521b7e8da109b8f7c33a55ddcaefd8e728501089d387f25d00415
- SHA512
  
  18e5da6988164d95d47d90d8d825a0266259ca000a285670d73d54639882aa09036069a9ddf28f5d3bf37fdf17f5668e4cdd72a63bcb3a91bf3949af504111b8
- SSDEEP
  
  768:UpP4fR08PWIS0MUe9N5U2b1CY/g/7Gr8Q/apUZlrTVU9yu1uOpaV+:UiMX97P1CgY74lrTVU9yu1uOI+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence