487f36ad4da4416cecb13c07b1298f1e23e71e0409575e4a56ac0092a816667d | Triage

Sharing

General

Target

79819a0602ff2a66857915e284d87a32
Size

208KB
Sample

240127-g7dsasehg8
MD5

79819a0602ff2a66857915e284d87a32
SHA1

c60d79059fdb95b0ea1c37a5805b1b170d5888ba
SHA256

487f36ad4da4416cecb13c07b1298f1e23e71e0409575e4a56ac0092a816667d
SHA512

0214985fef4278069ca68d1b087b68fe319ce9da57d9c748bfd96ecf4c29283f462035a1d2ad700b46880b01bb8b7fdbcf3ff48198b620800144a0533c0ab761
SSDEEP

3072:nDMM1KVLDp979aAqvxpDWDhQx9AhHp8NeqxEN1yy8p+uxs/Y:n5KVboA8pDqQx9AhJSRxiJ8jK/Y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  79819a0602ff2a66857915e284d87a32
- Size
  
  208KB
- MD5
  
  79819a0602ff2a66857915e284d87a32
- SHA1
  
  c60d79059fdb95b0ea1c37a5805b1b170d5888ba
- SHA256
  
  487f36ad4da4416cecb13c07b1298f1e23e71e0409575e4a56ac0092a816667d
- SHA512
  
  0214985fef4278069ca68d1b087b68fe319ce9da57d9c748bfd96ecf4c29283f462035a1d2ad700b46880b01bb8b7fdbcf3ff48198b620800144a0533c0ab761
- SSDEEP
  
  3072:nDMM1KVLDp979aAqvxpDWDhQx9AhHp8NeqxEN1yy8p+uxs/Y:n5KVboA8pDqQx9AhJSRxiJ8jK/Y
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence