70965180bbdf0a8beaee20dcc0cedbc1fbac14a45da543d3f21ab33a3fc6bfd6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_edc1b58288cd4addd02032ebb1c434ce07d8b879 (1).zip
Size

61KB
Sample

240118-dntgvsbfbr
MD5

352dfb8b1a42035df40a56610eb3b2ba
SHA1

a859960584ebdc58e1ecc59b117f46e48c468cba
SHA256

70965180bbdf0a8beaee20dcc0cedbc1fbac14a45da543d3f21ab33a3fc6bfd6
SHA512

f91f6b4384a55ec3f01765809bc5a6cf2a44d43a37a7a6d55cf9a08a45ff92a26d4800ded46d50efce2328aa81e6f34e9e6a2e84c7da66daa239e00e633e06ad
SSDEEP

1536:E9BH4VWrnbwIo6R17KWHtsoxpomwx9in6swE0aJh9FQ48L4y1FzGPBy:EEWrnbks17HHtsSpomwxoTwJa3vpu4in

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  Files.exe
- Size
  
  94KB
- MD5
  
  953d01e7ea6b60229eacc178c907a6f4
- SHA1
  
  edc1b58288cd4addd02032ebb1c434ce07d8b879
- SHA256
  
  e82139c24ae9cd9a934f3b1cb06882454c7d3ea45d4ee8cd6f2e98ac6c398187
- SHA512
  
  702a19592d875ff799bd60fb56ad16012573b01dcab753e485b89c582f2936ca0f70caeac070669b8da65f1d37b2800ae03a2bdf20bc14a96e3dc0f622e94449
- SSDEEP
  
  1536:xfw6ygq47NGW9IgD4Vw8w28Dxv5s3wOXGpx/9l/7RyVcTIuGeNjcfgfu6lw5hfLI:xfw6Pq47NGW9zD4Vw8w28Dxv5s1XM+cV
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence