81fdd2d8897b403ad1f2f7492432c31f108577188a3955768235fdd75fc1619d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17a71e61f3b7dd0fd0c7ec8211baecc4.bin
Size

156KB
Sample

240629-ckfadsydnh
MD5

17a71e61f3b7dd0fd0c7ec8211baecc4
SHA1

2068268f94f56a0f50e7793fc06e93c0b66304d8
SHA256

81fdd2d8897b403ad1f2f7492432c31f108577188a3955768235fdd75fc1619d
SHA512

1c299982ed990712bf99da205de90c4d83df2e9e4036367c37bee46358fd6041334c82f33fa952e7ac396b4333ae525af3ef35f570dd4849d97dd3e6d9d53426
SSDEEP

3072:oBd1jE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANV4oQZiEWv9:6dpE2R7Qvb4tQTaCeFP4ABW4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  17a71e61f3b7dd0fd0c7ec8211baecc4.bin
- Size
  
  156KB
- MD5
  
  17a71e61f3b7dd0fd0c7ec8211baecc4
- SHA1
  
  2068268f94f56a0f50e7793fc06e93c0b66304d8
- SHA256
  
  81fdd2d8897b403ad1f2f7492432c31f108577188a3955768235fdd75fc1619d
- SHA512
  
  1c299982ed990712bf99da205de90c4d83df2e9e4036367c37bee46358fd6041334c82f33fa952e7ac396b4333ae525af3ef35f570dd4849d97dd3e6d9d53426
- SSDEEP
  
  3072:oBd1jE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANV4oQZiEWv9:6dpE2R7Qvb4tQTaCeFP4ABW4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence