8a7891bde1e1045ef725962ab655681e8e33fc0fb4c346bc7d4609d0c8c74581 | Triage

Sharing

General

Target

c7e19f5bcbff4242cc74c5a38750319c
Size

252KB
Sample

240314-gxcr9aef93
MD5

c7e19f5bcbff4242cc74c5a38750319c
SHA1

9376d9200b17ada4cac5e10677a093e3cf4dc8c8
SHA256

8a7891bde1e1045ef725962ab655681e8e33fc0fb4c346bc7d4609d0c8c74581
SHA512

5f8ccdb33f6de0b9083eb5efc7a0bba791320cdf116387c51568063e8b396e380331ea7a27f45bd74040ab2cc32c0527312bc1a437fabfa4bd7413e000c04e1b
SSDEEP

6144:x+Ai4yrimEU/EztV++Jbtd4lfn8hFXbTom85FMnH:xNWrimr/EztV++JZd4lfnSTo7F

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c7e19f5bcbff4242cc74c5a38750319c
- Size
  
  252KB
- MD5
  
  c7e19f5bcbff4242cc74c5a38750319c
- SHA1
  
  9376d9200b17ada4cac5e10677a093e3cf4dc8c8
- SHA256
  
  8a7891bde1e1045ef725962ab655681e8e33fc0fb4c346bc7d4609d0c8c74581
- SHA512
  
  5f8ccdb33f6de0b9083eb5efc7a0bba791320cdf116387c51568063e8b396e380331ea7a27f45bd74040ab2cc32c0527312bc1a437fabfa4bd7413e000c04e1b
- SSDEEP
  
  6144:x+Ai4yrimEU/EztV++Jbtd4lfn8hFXbTom85FMnH:xNWrimr/EztV++JZd4lfnSTo7F
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence