8581038857c7a438f2b77008133960c8834755fb2a1913ccd64c4849ea223e5a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8581038857c7a438f2b77008133960c8834755fb2a1913ccd64c4849ea223e5a
Size

56KB
Sample

240503-ag7jcscb47
MD5

a6a3ae2aaf39578d88933a5d2572ec5f
SHA1

3c367e67a2ba3c019de17ba8f3338a5a645201fc
SHA256

8581038857c7a438f2b77008133960c8834755fb2a1913ccd64c4849ea223e5a
SHA512

8d894e570248c0d1083caa408b0de1ded67c3831cf52c65df61dfc68fe7d9e44212bdb9482e3fd73a1b9f7ccabc0342270c233cb6435fd96b5fa8392ed69945c
SSDEEP

1536:S3UchKQgnRt9UdLw6BNMyBhXZxHJ6P6D5oL:Ugz07JjD5oL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8581038857c7a438f2b77008133960c8834755fb2a1913ccd64c4849ea223e5a
- Size
  
  56KB
- MD5
  
  a6a3ae2aaf39578d88933a5d2572ec5f
- SHA1
  
  3c367e67a2ba3c019de17ba8f3338a5a645201fc
- SHA256
  
  8581038857c7a438f2b77008133960c8834755fb2a1913ccd64c4849ea223e5a
- SHA512
  
  8d894e570248c0d1083caa408b0de1ded67c3831cf52c65df61dfc68fe7d9e44212bdb9482e3fd73a1b9f7ccabc0342270c233cb6435fd96b5fa8392ed69945c
- SSDEEP
  
  1536:S3UchKQgnRt9UdLw6BNMyBhXZxHJ6P6D5oL:Ugz07JjD5oL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence