6e133d29fd50ce1fc55535f69c2a7a548c7e143e503b51d74a46ed88fc212100 | Triage

Sharing

General

Target

bd4e2333a4b7655a335b2117fd3e1b22
Size

220KB
Sample

240310-bwhzzsha7t
MD5

bd4e2333a4b7655a335b2117fd3e1b22
SHA1

03c9015bfc33a7397f6ac952b0f6af614b2b4814
SHA256

6e133d29fd50ce1fc55535f69c2a7a548c7e143e503b51d74a46ed88fc212100
SHA512

56444a39119e33bcaebe1ce015b320ffc94b940c0ba8ecfa571089126340aa0be24c6070705b01f7628c3eaad98341666f611d332d527d7b5d87fd9177acba3c
SSDEEP

3072:/NDsq8hK+H8NPvw85gVzaSCzWTG2KAikGFngaXjkJ+WJv:FDXcKZpvjgzNmhTIJD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bd4e2333a4b7655a335b2117fd3e1b22
- Size
  
  220KB
- MD5
  
  bd4e2333a4b7655a335b2117fd3e1b22
- SHA1
  
  03c9015bfc33a7397f6ac952b0f6af614b2b4814
- SHA256
  
  6e133d29fd50ce1fc55535f69c2a7a548c7e143e503b51d74a46ed88fc212100
- SHA512
  
  56444a39119e33bcaebe1ce015b320ffc94b940c0ba8ecfa571089126340aa0be24c6070705b01f7628c3eaad98341666f611d332d527d7b5d87fd9177acba3c
- SSDEEP
  
  3072:/NDsq8hK+H8NPvw85gVzaSCzWTG2KAikGFngaXjkJ+WJv:FDXcKZpvjgzNmhTIJD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence