3e2be012d4f0773737b38d41ee02e623d5f2b0d892ce62ce3c9b944f2e834b99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

789fe969a81eab7f7c7a606683174f2a
Size

200KB
Sample

240126-2z9vzsgba8
MD5

789fe969a81eab7f7c7a606683174f2a
SHA1

9e95a38546a76c57ebd005b8d4fdc9916c2f85e0
SHA256

3e2be012d4f0773737b38d41ee02e623d5f2b0d892ce62ce3c9b944f2e834b99
SHA512

04939a899f2b77249321d8a0289fa3f8298434985afe6c73f4f11853bf5b6eda50db0a67c2aebe903084863926f4f651a8f80cc1959e6cff9f0b2ed092b6039c
SSDEEP

3072:3UAVVfI0tQ9nLHbB9WHCS0AgTlhsp3mWRMQ:hA4QxL7B9WHK9Jhsp3v/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  789fe969a81eab7f7c7a606683174f2a
- Size
  
  200KB
- MD5
  
  789fe969a81eab7f7c7a606683174f2a
- SHA1
  
  9e95a38546a76c57ebd005b8d4fdc9916c2f85e0
- SHA256
  
  3e2be012d4f0773737b38d41ee02e623d5f2b0d892ce62ce3c9b944f2e834b99
- SHA512
  
  04939a899f2b77249321d8a0289fa3f8298434985afe6c73f4f11853bf5b6eda50db0a67c2aebe903084863926f4f651a8f80cc1959e6cff9f0b2ed092b6039c
- SSDEEP
  
  3072:3UAVVfI0tQ9nLHbB9WHCS0AgTlhsp3mWRMQ:hA4QxL7B9WHK9Jhsp3v/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence