d85d5411788893548814455de2d2a4d4b261681722bde12ab4a073734d79b580 | Triage

Sharing

General

Target

5c27a6dccc8b52f62ceaf960aa49517f
Size

135KB
Sample

240115-e9kbrahdhq
MD5

5c27a6dccc8b52f62ceaf960aa49517f
SHA1

98d9da5cd787f7f2f3af6ad00df1cbf9e4d61a16
SHA256

d85d5411788893548814455de2d2a4d4b261681722bde12ab4a073734d79b580
SHA512

fffd9e752d705f4bd9eb89909e0a591ace4ef13d93f775ca340a1cb6591a9191e74b0304a5b6873ff2e455d75078008f91d8d48a9be95d44bf4e42c4875977dd
SSDEEP

3072:2EG2G/pSTW6UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTi:hPypSTAoIDbByGPMsMP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5c27a6dccc8b52f62ceaf960aa49517f
- Size
  
  135KB
- MD5
  
  5c27a6dccc8b52f62ceaf960aa49517f
- SHA1
  
  98d9da5cd787f7f2f3af6ad00df1cbf9e4d61a16
- SHA256
  
  d85d5411788893548814455de2d2a4d4b261681722bde12ab4a073734d79b580
- SHA512
  
  fffd9e752d705f4bd9eb89909e0a591ace4ef13d93f775ca340a1cb6591a9191e74b0304a5b6873ff2e455d75078008f91d8d48a9be95d44bf4e42c4875977dd
- SSDEEP
  
  3072:2EG2G/pSTW6UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTi:hPypSTAoIDbByGPMsMP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence