63e837f4030ff220ee09d9a5df0acabb669b9922cf8f853b659f553ae3bb2c2c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63e837f4030ff220ee09d9a5df0acabb669b9922cf8f853b659f553ae3bb2c2c
Size

76KB
Sample

240603-2ajx9sbb6x
MD5

3f29c318476e935a4ddc412870d6d634
SHA1

8632a8527ea853abcc4e86a0cf80a4e8bc1f5126
SHA256

63e837f4030ff220ee09d9a5df0acabb669b9922cf8f853b659f553ae3bb2c2c
SHA512

55034b122bfd5c769d70f7e83c3448e61e572e1c356251be6e9e01a05bc5a76a713f75385eac5b1a70a8c45ed59d1fa9edb8dbe402ba00302f55be46209e8604
SSDEEP

1536:WjkENgZkKA899l/mxEaHW4HKTpKsUTjlCfguY:W/NgiKAM9l6lqpKs+s5Y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  63e837f4030ff220ee09d9a5df0acabb669b9922cf8f853b659f553ae3bb2c2c
- Size
  
  76KB
- MD5
  
  3f29c318476e935a4ddc412870d6d634
- SHA1
  
  8632a8527ea853abcc4e86a0cf80a4e8bc1f5126
- SHA256
  
  63e837f4030ff220ee09d9a5df0acabb669b9922cf8f853b659f553ae3bb2c2c
- SHA512
  
  55034b122bfd5c769d70f7e83c3448e61e572e1c356251be6e9e01a05bc5a76a713f75385eac5b1a70a8c45ed59d1fa9edb8dbe402ba00302f55be46209e8604
- SSDEEP
  
  1536:WjkENgZkKA899l/mxEaHW4HKTpKsUTjlCfguY:W/NgiKAM9l6lqpKs+s5Y
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2