7d8b8050852c62090493eeaee1477106990ab46f7f3408145d872336080bb482 | Triage

Sharing

General

Target

7d8b8050852c62090493eeaee1477106990ab46f7f3408145d872336080bb482
Size

180KB
Sample

240415-23lmkacg3t
MD5

0ec9dbbafd0d9c2bac3af88baaeb85ab
SHA1

3dc10e9157a91c437047c6ef4ea87fbbd4080428
SHA256

7d8b8050852c62090493eeaee1477106990ab46f7f3408145d872336080bb482
SHA512

d6836133140b6503a0796ebf433d18c0ce25f8a3e83b0deba41576415161cb4ab7b6320054b64068c1637bb72dd1e2228b267b914a5606bc9f3d4890f4d82ad8
SSDEEP

3072:ZyZFdVAXY71idPAaWELGzMshNXTDFE+7jF6XTsb:ZyZFzAY+oXqFshNTDT756XT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  7d8b8050852c62090493eeaee1477106990ab46f7f3408145d872336080bb482
- Size
  
  180KB
- MD5
  
  0ec9dbbafd0d9c2bac3af88baaeb85ab
- SHA1
  
  3dc10e9157a91c437047c6ef4ea87fbbd4080428
- SHA256
  
  7d8b8050852c62090493eeaee1477106990ab46f7f3408145d872336080bb482
- SHA512
  
  d6836133140b6503a0796ebf433d18c0ce25f8a3e83b0deba41576415161cb4ab7b6320054b64068c1637bb72dd1e2228b267b914a5606bc9f3d4890f4d82ad8
- SSDEEP
  
  3072:ZyZFdVAXY71idPAaWELGzMshNXTDFE+7jF6XTsb:ZyZFzAY+oXqFshNTDT756XT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence