d1b880b4a5e9107ef5b1717b144043dbed9e506b28ade198a3d068b7f1b03aa2 | Triage

Sharing

General

Target

d1b880b4a5e9107ef5b1717b144043dbed9e506b28ade198a3d068b7f1b03aa2
Size

368KB
Sample

240425-d71ehsef28
MD5

6eb87a458d8b7298ee772ce8db45e5ff
SHA1

172bc64d221d7730cf3ec930a115622db7307ede
SHA256

d1b880b4a5e9107ef5b1717b144043dbed9e506b28ade198a3d068b7f1b03aa2
SHA512

ae335da85517e84433bdfcbd27fc58bcbe314d8e13e46e8375068e3233f0fb5c01133090b51a0b6476a1e6b80d0eaf6d57841b56ab953bba068be23561d01baf
SSDEEP

1536:EsPAPMcbmkiw+667MIBf28zPJtC6IoD/QWgxektFAo11iy:jPAPMcbmLf2RxIvy

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d1b880b4a5e9107ef5b1717b144043dbed9e506b28ade198a3d068b7f1b03aa2
- Size
  
  368KB
- MD5
  
  6eb87a458d8b7298ee772ce8db45e5ff
- SHA1
  
  172bc64d221d7730cf3ec930a115622db7307ede
- SHA256
  
  d1b880b4a5e9107ef5b1717b144043dbed9e506b28ade198a3d068b7f1b03aa2
- SHA512
  
  ae335da85517e84433bdfcbd27fc58bcbe314d8e13e46e8375068e3233f0fb5c01133090b51a0b6476a1e6b80d0eaf6d57841b56ab953bba068be23561d01baf
- SSDEEP
  
  1536:EsPAPMcbmkiw+667MIBf28zPJtC6IoD/QWgxektFAo11iy:jPAPMcbmLf2RxIvy
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence