ddf1b79f563d94bb3ddb46b37aa010d95403dc7a1debfc9476a8ab449472b738 | Triage

Sharing

General

Target

SmartDefragmenter.zip
Size

376KB
Sample

240613-2expxswhkn
MD5

541d8406002aa2750a2cf59480e71d94
SHA1

ac40c4715cca6967e2af789cee246b5a0d533a9f
SHA256

ddf1b79f563d94bb3ddb46b37aa010d95403dc7a1debfc9476a8ab449472b738
SHA512

9d3f5fd405be3a76b9d0150e58a2af24cd609a1b7b63bac9e68350a0b153a42bf4941c5d2d8d752ee5d9d6dcc690250811a9c688e2efcc458abef71580add73b
SSDEEP

6144:MdZTQDqwhWbeXTbAf4KINkYLcwpO/ZuY2EwbJ2Fgzz+n6tBN+Pz9BQBa4oQRMgs:yZw1DbAf4KIqM4cewFQ2z+6XNk3QVRM5

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  438KB
- MD5
  
  03baeba6b4224371cca7fa6f95ae61c0
- SHA1
  
  8731202d2f954421a37b5c9e01d971131bd515f1
- SHA256
  
  61a9e3278b6bcc29a2a0405b06fb2a3bbcb1751c3dd564a8f94cc89ea957ec35
- SHA512
  
  386643b0a52b6b1a53e81a8500d040b6415e532ebaffd1be8d1afd4ccb10f6c0342cf734b688ec803b960339284c8d9669e638b1648d9cc734cf7367659c7fd0
- SSDEEP
  
  6144:hBGrTx2fgEViq+JoQ9tpecSXFADhKXPEKJRlETLV+PwoVUqwhlKq6yem8lhg:6rLEyptwnX+gXrRlESwKKhlP6yxGh
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistence