6e16a5f5ff6469a917c7eaf5d2bc1074d868d32ec00393a91c42d58ea12e1fad | Triage

Sharing

General

Target

d76c621627f68dac1ef331645cc01945
Size

135KB
Sample

240409-y9xfvsaa87
MD5

d76c621627f68dac1ef331645cc01945
SHA1

feda4aa837cb658878609fd04825491f8124862e
SHA256

6e16a5f5ff6469a917c7eaf5d2bc1074d868d32ec00393a91c42d58ea12e1fad
SHA512

47dc3ccfb37e14819650c053a205f18dd49d3ff911c42dcd6bece3efa348cd1cdc42e0f9a7ebc8e13cb50da379ecf73e912fef1f2ad314be2c9eecccedb9ea66
SSDEEP

3072:q4/k7OsnNUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVi:FQOs8oIDbByGPMsMP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d76c621627f68dac1ef331645cc01945
- Size
  
  135KB
- MD5
  
  d76c621627f68dac1ef331645cc01945
- SHA1
  
  feda4aa837cb658878609fd04825491f8124862e
- SHA256
  
  6e16a5f5ff6469a917c7eaf5d2bc1074d868d32ec00393a91c42d58ea12e1fad
- SHA512
  
  47dc3ccfb37e14819650c053a205f18dd49d3ff911c42dcd6bece3efa348cd1cdc42e0f9a7ebc8e13cb50da379ecf73e912fef1f2ad314be2c9eecccedb9ea66
- SSDEEP
  
  3072:q4/k7OsnNUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVi:FQOs8oIDbByGPMsMP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence