6b17486a956985fbf7631182b704dfb917abf7e7fcb0a74c345e8ede441cda13 | Triage

Sharing

General

Target

b5f3551e63715e7a2f4d6401adf8e935
Size

176KB
Sample

240305-3nzfjscg4w
MD5

b5f3551e63715e7a2f4d6401adf8e935
SHA1

5c2f0b648ded6dee384f1b922b378bebcc792c28
SHA256

6b17486a956985fbf7631182b704dfb917abf7e7fcb0a74c345e8ede441cda13
SHA512

d102ca80512daa902fabf13ee2b9588ba6c65deec52cc26753a7b607351fa47202f38fe24757d7c12907d886022febbd1609335beec288ca8d2fe792d687fb5a
SSDEEP

3072:0fRn/jynvgWK/fObT/bGiSEIGsbv0OpxYTNhuybtDKXS38:4G3K/fObT/bGiSE5sj3xYTNhuybtDKXX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b5f3551e63715e7a2f4d6401adf8e935
- Size
  
  176KB
- MD5
  
  b5f3551e63715e7a2f4d6401adf8e935
- SHA1
  
  5c2f0b648ded6dee384f1b922b378bebcc792c28
- SHA256
  
  6b17486a956985fbf7631182b704dfb917abf7e7fcb0a74c345e8ede441cda13
- SHA512
  
  d102ca80512daa902fabf13ee2b9588ba6c65deec52cc26753a7b607351fa47202f38fe24757d7c12907d886022febbd1609335beec288ca8d2fe792d687fb5a
- SSDEEP
  
  3072:0fRn/jynvgWK/fObT/bGiSEIGsbv0OpxYTNhuybtDKXS38:4G3K/fObT/bGiSE5sj3xYTNhuybtDKXX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence