97485557c5bba0c5fb52ea89990be4c3a5922af91492fc4e62c0ffd54aee5508 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97485557c5bba0c5fb52ea89990be4c3a5922af91492fc4e62c0ffd54aee5508
Size

144KB
Sample

240503-bebvcaba8x
MD5

9676c963fe4e0c092231fd635247e40a
SHA1

6272f924332d28eeed5c772402a74e2db31bac17
SHA256

97485557c5bba0c5fb52ea89990be4c3a5922af91492fc4e62c0ffd54aee5508
SHA512

f9b60be9570a6e4f4f5fcc276d93c235d75535605efed43eac21aa68606226cd2ad639fb0f72c24709ed19aafb47e83bcd188b2a6a4167e2ecb344e56a82a885
SSDEEP

3072:NHKFp9vhINgVs+Y9YXeKjxF1yj13TWDntK:NqFp5q2gYuKjxF1ss

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  97485557c5bba0c5fb52ea89990be4c3a5922af91492fc4e62c0ffd54aee5508
- Size
  
  144KB
- MD5
  
  9676c963fe4e0c092231fd635247e40a
- SHA1
  
  6272f924332d28eeed5c772402a74e2db31bac17
- SHA256
  
  97485557c5bba0c5fb52ea89990be4c3a5922af91492fc4e62c0ffd54aee5508
- SHA512
  
  f9b60be9570a6e4f4f5fcc276d93c235d75535605efed43eac21aa68606226cd2ad639fb0f72c24709ed19aafb47e83bcd188b2a6a4167e2ecb344e56a82a885
- SSDEEP
  
  3072:NHKFp9vhINgVs+Y9YXeKjxF1yj13TWDntK:NqFp5q2gYuKjxF1ss
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence