72197fb319fad63bb12bf061e78b7eeccbf813af88d3e946d255c0a384e6aa6d | Triage

Sharing

General

Target

72197fb319fad63bb12bf061e78b7eeccbf813af88d3e946d255c0a384e6aa6d
Size

544KB
Sample

240421-23cdwsce36
MD5

59d5ba6f0cf156b176ff13cb1f393d7c
SHA1

f5513dc62b3e5416b3d9f5965b38779bcc7917c6
SHA256

72197fb319fad63bb12bf061e78b7eeccbf813af88d3e946d255c0a384e6aa6d
SHA512

09aa7e915be3929e23293b0de667e94d60182e516cd32ef7ce99460111dc28a3ca4a429016004c7263344fe9333ba81625668d848612d946f2fd81e4a5a1f139
SSDEEP

3072:TGC43DksD+XZVpqYJ0000000000000000000000000000000000000000000000+:TGC43NaVcrrrrrrrrrrv

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  72197fb319fad63bb12bf061e78b7eeccbf813af88d3e946d255c0a384e6aa6d
- Size
  
  544KB
- MD5
  
  59d5ba6f0cf156b176ff13cb1f393d7c
- SHA1
  
  f5513dc62b3e5416b3d9f5965b38779bcc7917c6
- SHA256
  
  72197fb319fad63bb12bf061e78b7eeccbf813af88d3e946d255c0a384e6aa6d
- SHA512
  
  09aa7e915be3929e23293b0de667e94d60182e516cd32ef7ce99460111dc28a3ca4a429016004c7263344fe9333ba81625668d848612d946f2fd81e4a5a1f139
- SSDEEP
  
  3072:TGC43DksD+XZVpqYJ0000000000000000000000000000000000000000000000+:TGC43NaVcrrrrrrrrrrv
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2