36e1dc46694f82d37df9a900c585e3f97897758ef465fb13f7c0e27e29a52e05 | Triage

Sharing

General

Target

670e6a162855d24ade316be8742406cc
Size

313KB
Sample

240119-jhb9aahdcp
MD5

670e6a162855d24ade316be8742406cc
SHA1

50363de25516d14838a5f92f22eb7aacc1b6b6ab
SHA256

36e1dc46694f82d37df9a900c585e3f97897758ef465fb13f7c0e27e29a52e05
SHA512

4562c65b69c66a2d4d76081fc17c3a1fd6000de5bd4825642b873020862d2b18fee3a41e8865a68ce88904a7393d90e55faece3c8e77b904bb1a411aeebb3078
SSDEEP

6144:08U2qy6rRZb7jxGYC5JTR3uaufWG7JbvTsCIq6G7GfwtBhPhb:Szy6rRxEP9ufWG7lhP742Zb

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  670e6a162855d24ade316be8742406cc
- Size
  
  313KB
- MD5
  
  670e6a162855d24ade316be8742406cc
- SHA1
  
  50363de25516d14838a5f92f22eb7aacc1b6b6ab
- SHA256
  
  36e1dc46694f82d37df9a900c585e3f97897758ef465fb13f7c0e27e29a52e05
- SHA512
  
  4562c65b69c66a2d4d76081fc17c3a1fd6000de5bd4825642b873020862d2b18fee3a41e8865a68ce88904a7393d90e55faece3c8e77b904bb1a411aeebb3078
- SSDEEP
  
  6144:08U2qy6rRZb7jxGYC5JTR3uaufWG7JbvTsCIq6G7GfwtBhPhb:Szy6rRxEP9ufWG7lhP742Zb
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence