58d9d7de14a8c078bab40710f774f92b816d4fb673667a505c9514421bad4a15 | Triage

Sharing

General

Target

6fe34764ef503418c24a3be3f842aab2
Size

444KB
Sample

240122-v28mdabfh5
MD5

6fe34764ef503418c24a3be3f842aab2
SHA1

bdfa94aec5ace9471336b4e2ff63aab1eefeebd4
SHA256

58d9d7de14a8c078bab40710f774f92b816d4fb673667a505c9514421bad4a15
SHA512

eae88a86cd9410a76be3e449c6309ec8cc04c224faf5c56217acc5c3e8c5ad2bfcc2565cfe46398edca94a8807080a2523a9254f4fdbff745ebc57c26fdc3778
SSDEEP

12288:wutrzh9xOXk7GMHOJxl/0z+uoqzBTQGtec:wutr5OUStD/0zpJd

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  6fe34764ef503418c24a3be3f842aab2
- Size
  
  444KB
- MD5
  
  6fe34764ef503418c24a3be3f842aab2
- SHA1
  
  bdfa94aec5ace9471336b4e2ff63aab1eefeebd4
- SHA256
  
  58d9d7de14a8c078bab40710f774f92b816d4fb673667a505c9514421bad4a15
- SHA512
  
  eae88a86cd9410a76be3e449c6309ec8cc04c224faf5c56217acc5c3e8c5ad2bfcc2565cfe46398edca94a8807080a2523a9254f4fdbff745ebc57c26fdc3778
- SSDEEP
  
  12288:wutrzh9xOXk7GMHOJxl/0z+uoqzBTQGtec:wutr5OUStD/0zpJd
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence