d4c5edf8dddcc40aa71cc1a0cb6617c4cebc08efc07dfeee44abd910d59e9c33 | Triage

Sharing

General

Target

9b778d8519139ce7f2d58bd6eb73ced4
Size

292KB
Sample

240214-msbx2sgb7y
MD5

9b778d8519139ce7f2d58bd6eb73ced4
SHA1

916d9b985dd2406d4a12cb41e95bfa8dd371d851
SHA256

d4c5edf8dddcc40aa71cc1a0cb6617c4cebc08efc07dfeee44abd910d59e9c33
SHA512

55694a8011d9c0c2c6edcf1a479a50a5e4eb3996055cc4b4a4992682bd2f145d4252d243f6837b942f581fb0c8bab9812027eb31631eafa4c66671f900b8e69d
SSDEEP

3072:Cn4Od4Y9diY/OBq7CFLuupaFBzxk7c7awSZohDnjV2S8NmMx3WarRDSJOtpTxzsd:CRiYILuupszxk7USZoDnp23xmg9HtEU

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9b778d8519139ce7f2d58bd6eb73ced4
- Size
  
  292KB
- MD5
  
  9b778d8519139ce7f2d58bd6eb73ced4
- SHA1
  
  916d9b985dd2406d4a12cb41e95bfa8dd371d851
- SHA256
  
  d4c5edf8dddcc40aa71cc1a0cb6617c4cebc08efc07dfeee44abd910d59e9c33
- SHA512
  
  55694a8011d9c0c2c6edcf1a479a50a5e4eb3996055cc4b4a4992682bd2f145d4252d243f6837b942f581fb0c8bab9812027eb31631eafa4c66671f900b8e69d
- SSDEEP
  
  3072:Cn4Od4Y9diY/OBq7CFLuupaFBzxk7c7awSZohDnjV2S8NmMx3WarRDSJOtpTxzsd:CRiYILuupszxk7USZoDnp23xmg9HtEU
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence