3c9a3cf11c17e7d446098180be000f0e06c9c4509bcb1499047c2ca7ba723d69 | Triage

Sharing

General

Target

c6d96522d4ec2f190d783083513be193
Size

260KB
Sample

240313-zvgyasah36
MD5

c6d96522d4ec2f190d783083513be193
SHA1

630c4e72a384a12ae4ca79558679080749310041
SHA256

3c9a3cf11c17e7d446098180be000f0e06c9c4509bcb1499047c2ca7ba723d69
SHA512

cadc28bf9f0e13d177e1ea63e48fbe45d5aa360942437ccde1733b9d0f14708865667b91241b403f0191efb7b4fb26c216835a31dfac8553d33bc5fa53155808
SSDEEP

6144:x4HSAtOUUp7WQn6mr1R4bKLnXejKloO6JU1J7QnpRZ7Ta9kzU2/pn:xkSAt4p6Qn6mr1R4bKLnXaKaO6O1JApv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c6d96522d4ec2f190d783083513be193
- Size
  
  260KB
- MD5
  
  c6d96522d4ec2f190d783083513be193
- SHA1
  
  630c4e72a384a12ae4ca79558679080749310041
- SHA256
  
  3c9a3cf11c17e7d446098180be000f0e06c9c4509bcb1499047c2ca7ba723d69
- SHA512
  
  cadc28bf9f0e13d177e1ea63e48fbe45d5aa360942437ccde1733b9d0f14708865667b91241b403f0191efb7b4fb26c216835a31dfac8553d33bc5fa53155808
- SSDEEP
  
  6144:x4HSAtOUUp7WQn6mr1R4bKLnXejKloO6JU1J7QnpRZ7Ta9kzU2/pn:xkSAt4p6Qn6mr1R4bKLnXaKaO6O1JApv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence