72ca660f42f9832c1f427310c771a031e69f1fd66bf561e3b8e268eb68b9ddd3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72ca660f42f9832c1f427310c771a031e69f1fd66bf561e3b8e268eb68b9ddd3
Size

60KB
Sample

240703-3akega1enm
MD5

14b9b8ba0d01cea215960d4da2a3c443
SHA1

e59f180479b5e022e9f96ea2470d8e99c782be00
SHA256

72ca660f42f9832c1f427310c771a031e69f1fd66bf561e3b8e268eb68b9ddd3
SHA512

a489ec94b215021b1ca6496ca9ccd681e80900f9a7f71527aee51df2c298b30f81af60d1000e70ed7aef0df31bb4ef02afd11e4739385dd5a6d7a4c6f1e9d15c
SSDEEP

1536:Qbx8w7vst+SbtS0SIImNMlsCSZxIG+UkHoM+:2vzRfloM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  72ca660f42f9832c1f427310c771a031e69f1fd66bf561e3b8e268eb68b9ddd3
- Size
  
  60KB
- MD5
  
  14b9b8ba0d01cea215960d4da2a3c443
- SHA1
  
  e59f180479b5e022e9f96ea2470d8e99c782be00
- SHA256
  
  72ca660f42f9832c1f427310c771a031e69f1fd66bf561e3b8e268eb68b9ddd3
- SHA512
  
  a489ec94b215021b1ca6496ca9ccd681e80900f9a7f71527aee51df2c298b30f81af60d1000e70ed7aef0df31bb4ef02afd11e4739385dd5a6d7a4c6f1e9d15c
- SSDEEP
  
  1536:Qbx8w7vst+SbtS0SIImNMlsCSZxIG+UkHoM+:2vzRfloM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence