2cdc06d0a21e5cbc5344104756f3ef7c10aac47fbe4b2f4f399e661356c4aa63 | Triage

Sharing

General

Target

7e4a5a4934b501eabd1d5c1bc26301fe
Size

152KB
Sample

240128-3hfq9achb3
MD5

7e4a5a4934b501eabd1d5c1bc26301fe
SHA1

90c8a68fbb48222ad5ff1c370f506c18be623d3f
SHA256

2cdc06d0a21e5cbc5344104756f3ef7c10aac47fbe4b2f4f399e661356c4aa63
SHA512

a584e71e3be943c8013d875ac6472a0b03fa8441e51b8167234c83fc86e939ea5490914a85c346b3dabef2e7492a07d1402b86fa226c49e08eb45472ab5c530c
SSDEEP

3072:ptDgFdCmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pC4oQZiEZkA:k0meGMS6Wc3kn9ADPAOJ0NJUWP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7e4a5a4934b501eabd1d5c1bc26301fe
- Size
  
  152KB
- MD5
  
  7e4a5a4934b501eabd1d5c1bc26301fe
- SHA1
  
  90c8a68fbb48222ad5ff1c370f506c18be623d3f
- SHA256
  
  2cdc06d0a21e5cbc5344104756f3ef7c10aac47fbe4b2f4f399e661356c4aa63
- SHA512
  
  a584e71e3be943c8013d875ac6472a0b03fa8441e51b8167234c83fc86e939ea5490914a85c346b3dabef2e7492a07d1402b86fa226c49e08eb45472ab5c530c
- SSDEEP
  
  3072:ptDgFdCmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pC4oQZiEZkA:k0meGMS6Wc3kn9ADPAOJ0NJUWP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence