7b95123fd85fbeb9bbdb2137bf1a005bef69ce977253591749c3303be4a6ec06 | Triage

Sharing

General

Target

c6d559aacbc92851ef23edfb2c83f9bf
Size

32KB
Sample

240313-zphbwaaf44
MD5

c6d559aacbc92851ef23edfb2c83f9bf
SHA1

0a3e2fad139090c5e6290cf9175fd8e8c5feea8c
SHA256

7b95123fd85fbeb9bbdb2137bf1a005bef69ce977253591749c3303be4a6ec06
SHA512

2ece1ef3ee6a9b63d3b78d3322cd31a2879753d19208aa95bc839b8751af4e93808e002b5f8fd2e3403082ffc1ad077890e3d120f105b91dabdfbff7cb28aad8
SSDEEP

768:ZSzsIdmoIBW+p1aPEbPiANtg9bPHhHXPNWNCB+Gc1H8zHvc:ZCsIdmoIBW+/aPUtg9zxB+52Dvc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c6d559aacbc92851ef23edfb2c83f9bf
- Size
  
  32KB
- MD5
  
  c6d559aacbc92851ef23edfb2c83f9bf
- SHA1
  
  0a3e2fad139090c5e6290cf9175fd8e8c5feea8c
- SHA256
  
  7b95123fd85fbeb9bbdb2137bf1a005bef69ce977253591749c3303be4a6ec06
- SHA512
  
  2ece1ef3ee6a9b63d3b78d3322cd31a2879753d19208aa95bc839b8751af4e93808e002b5f8fd2e3403082ffc1ad077890e3d120f105b91dabdfbff7cb28aad8
- SSDEEP
  
  768:ZSzsIdmoIBW+p1aPEbPiANtg9bPHhHXPNWNCB+Gc1H8zHvc:ZCsIdmoIBW+/aPUtg9zxB+52Dvc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence