b9134f4fb38c8e332fd7af1c1af0f093a82b9096703d2c2135d26eb28dd3d560 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9134f4fb38c8e332fd7af1c1af0f093a82b9096703d2c2135d26eb28dd3d560
Size

40KB
Sample

240510-chdnsace7z
MD5

becd4f8414f42cb118687df5424388b6
SHA1

90608e7f7641f4fb67f74e31f7925440f87e4cbe
SHA256

b9134f4fb38c8e332fd7af1c1af0f093a82b9096703d2c2135d26eb28dd3d560
SHA512

639ac77bd0a8b1ea1f3c179b63a85aae9d792f00899b3583212922c9bfac9681eb11ac498418879c5885fcfa8280c2c6ff7f303bcdab13583846e0730a4f855a
SSDEEP

768:gDfko/XC8qWp8F9bdHXtHs7CQpcdHoCCvc:gQqqg8F95NWee1vc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b9134f4fb38c8e332fd7af1c1af0f093a82b9096703d2c2135d26eb28dd3d560
- Size
  
  40KB
- MD5
  
  becd4f8414f42cb118687df5424388b6
- SHA1
  
  90608e7f7641f4fb67f74e31f7925440f87e4cbe
- SHA256
  
  b9134f4fb38c8e332fd7af1c1af0f093a82b9096703d2c2135d26eb28dd3d560
- SHA512
  
  639ac77bd0a8b1ea1f3c179b63a85aae9d792f00899b3583212922c9bfac9681eb11ac498418879c5885fcfa8280c2c6ff7f303bcdab13583846e0730a4f855a
- SSDEEP
  
  768:gDfko/XC8qWp8F9bdHXtHs7CQpcdHoCCvc:gQqqg8F95NWee1vc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence