da5dec24f2f4685cfe0e0301e8c5c07dfa36ca2265b49b5c605365eacea23a02 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d47d7514988483b714d1ccd24e31cf2f
Size

100KB
Sample

240318-zkklfaad91
MD5

d47d7514988483b714d1ccd24e31cf2f
SHA1

75b3a9cb7d278b5a50999318aaaa6c5c6b87781c
SHA256

da5dec24f2f4685cfe0e0301e8c5c07dfa36ca2265b49b5c605365eacea23a02
SHA512

d3f50f53dce9d206a5f4fce112e85e205e1b80c61ec48b205fe3e1ec06e42d16e034bfaaeb2037193218790c0d995fca4499d98af95943d3d64ffc2e84acc7d1
SSDEEP

1536:YPt0y82NTdw9LGZcYADZPU1+73BD88b0nyMNIjnZr7:kwUgZPUQJMCnt7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d47d7514988483b714d1ccd24e31cf2f
- Size
  
  100KB
- MD5
  
  d47d7514988483b714d1ccd24e31cf2f
- SHA1
  
  75b3a9cb7d278b5a50999318aaaa6c5c6b87781c
- SHA256
  
  da5dec24f2f4685cfe0e0301e8c5c07dfa36ca2265b49b5c605365eacea23a02
- SHA512
  
  d3f50f53dce9d206a5f4fce112e85e205e1b80c61ec48b205fe3e1ec06e42d16e034bfaaeb2037193218790c0d995fca4499d98af95943d3d64ffc2e84acc7d1
- SSDEEP
  
  1536:YPt0y82NTdw9LGZcYADZPU1+73BD88b0nyMNIjnZr7:kwUgZPUQJMCnt7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence