668681c8a45526e4513dd907d88d17202cc4e4193da5031999e4f89aa0a3e4d6 | Triage

Sharing

General

Target

963629ea38392e2e7161543aef6c6c5b
Size

216KB
Sample

240212-ergg5sab24
MD5

963629ea38392e2e7161543aef6c6c5b
SHA1

54352a3ccda912c146fc23ddfcfeb26013b7e87e
SHA256

668681c8a45526e4513dd907d88d17202cc4e4193da5031999e4f89aa0a3e4d6
SHA512

48f5945d5a8b15953d274f791871fb09f9b76078e37012e266b567e6e247b3d2c6ad1745a5200c58dee87eb96765eb662dce308fd46770418a4dc3bf6424408a
SSDEEP

6144:tn5FwzWQRzWyQXvoKnvmb7/D26gsiGZD+c2JcU86+cR/MHsuA6d3cpp3:t5Fw5WyQXvoKnvmb7/D260JcUJ+cR/Fl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  963629ea38392e2e7161543aef6c6c5b
- Size
  
  216KB
- MD5
  
  963629ea38392e2e7161543aef6c6c5b
- SHA1
  
  54352a3ccda912c146fc23ddfcfeb26013b7e87e
- SHA256
  
  668681c8a45526e4513dd907d88d17202cc4e4193da5031999e4f89aa0a3e4d6
- SHA512
  
  48f5945d5a8b15953d274f791871fb09f9b76078e37012e266b567e6e247b3d2c6ad1745a5200c58dee87eb96765eb662dce308fd46770418a4dc3bf6424408a
- SSDEEP
  
  6144:tn5FwzWQRzWyQXvoKnvmb7/D26gsiGZD+c2JcU86+cR/MHsuA6d3cpp3:t5Fw5WyQXvoKnvmb7/D260JcUJ+cR/Fl
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence