f5dc2c5f28f2ee04bcc8be8db65b50d56890c8a0145a3a4319215d51bba2350a | Triage

Sharing

General

Target

2cb3b15d80b24820461e96eb0e1eb136
Size

180KB
Sample

240410-gkyh7aef32
MD5

2cb3b15d80b24820461e96eb0e1eb136
SHA1

c83a6bda6b18170f8a57a87d8878d6e912e32751
SHA256

f5dc2c5f28f2ee04bcc8be8db65b50d56890c8a0145a3a4319215d51bba2350a
SHA512

11b87bdf8a72de068247e57bb9aa227e3d3b9fe8461058bc8cfbd82efa2dacb7f89418b4dd2aed1fefac7e75454c317fb1cd5a9d6cf592ef8daad013a9dc77c7
SSDEEP

3072:PFKSaAr21MlttMFz8o+F334VSlkfoyHYb/zCHPEhg5JN8x+eDfcAuQPUS9rulDB:PFi1MltKaJkHHYb/zCHPEhg5JN8x+eDK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2cb3b15d80b24820461e96eb0e1eb136
- Size
  
  180KB
- MD5
  
  2cb3b15d80b24820461e96eb0e1eb136
- SHA1
  
  c83a6bda6b18170f8a57a87d8878d6e912e32751
- SHA256
  
  f5dc2c5f28f2ee04bcc8be8db65b50d56890c8a0145a3a4319215d51bba2350a
- SHA512
  
  11b87bdf8a72de068247e57bb9aa227e3d3b9fe8461058bc8cfbd82efa2dacb7f89418b4dd2aed1fefac7e75454c317fb1cd5a9d6cf592ef8daad013a9dc77c7
- SSDEEP
  
  3072:PFKSaAr21MlttMFz8o+F334VSlkfoyHYb/zCHPEhg5JN8x+eDfcAuQPUS9rulDB:PFi1MltKaJkHHYb/zCHPEhg5JN8x+eDK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence