b9fc74c614cddc2c20fb023123153ec35285c24ef48904fd6460377d986516e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa06f585baa3605017cb9a64fbb4332e
Size

100KB
Sample

240227-ynl31aac41
MD5

aa06f585baa3605017cb9a64fbb4332e
SHA1

c99d2706da4616a0d40ed566a3e8cecd4b86b0af
SHA256

b9fc74c614cddc2c20fb023123153ec35285c24ef48904fd6460377d986516e0
SHA512

a4a60a59bd85e221018cd8393416949905d066d48b09249fc69167668fa85af85ad60418b7d3b0ace4205d8ba01eb2b757de141b4d1e9d22ad184af120328932
SSDEEP

1536:HPt0pY82NTdwEnLGZcYADZPU1+73BD88b0ny5NIjni:pwEagZPUQJ5Cni

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  aa06f585baa3605017cb9a64fbb4332e
- Size
  
  100KB
- MD5
  
  aa06f585baa3605017cb9a64fbb4332e
- SHA1
  
  c99d2706da4616a0d40ed566a3e8cecd4b86b0af
- SHA256
  
  b9fc74c614cddc2c20fb023123153ec35285c24ef48904fd6460377d986516e0
- SHA512
  
  a4a60a59bd85e221018cd8393416949905d066d48b09249fc69167668fa85af85ad60418b7d3b0ace4205d8ba01eb2b757de141b4d1e9d22ad184af120328932
- SSDEEP
  
  1536:HPt0pY82NTdwEnLGZcYADZPU1+73BD88b0ny5NIjni:pwEagZPUQJ5Cni
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence