25e46d5f814ac6239f1d27c577f8d3549f829e0f4811b9b1c82a18d4b88c31c8 | Triage

Sharing

General

Target

62d82edb8dd00ac0f31843c2702ac2c0N.exe
Size

84KB
Sample

240720-h1stba1hnj
MD5

62d82edb8dd00ac0f31843c2702ac2c0
SHA1

6fd273a86c0b1dbae53be615192dffc6681ffef3
SHA256

25e46d5f814ac6239f1d27c577f8d3549f829e0f4811b9b1c82a18d4b88c31c8
SHA512

7658469076c4461a6c4cac218f3818d9ead93832c2875c8aae7f345bc398830d5471fb0e0d5e3f1e5a742ae02449304d1470b4a7144c4f5fc635f0f7e7585cb7
SSDEEP

768:DyV+hOv0phYwzIiRg0OAIWi3KEyUhL7b7Yqlf4JwQltjmtTBHi7AlK:DoFv+nzOL76Ezh/vYlJwAitTB3lK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  62d82edb8dd00ac0f31843c2702ac2c0N.exe
- Size
  
  84KB
- MD5
  
  62d82edb8dd00ac0f31843c2702ac2c0
- SHA1
  
  6fd273a86c0b1dbae53be615192dffc6681ffef3
- SHA256
  
  25e46d5f814ac6239f1d27c577f8d3549f829e0f4811b9b1c82a18d4b88c31c8
- SHA512
  
  7658469076c4461a6c4cac218f3818d9ead93832c2875c8aae7f345bc398830d5471fb0e0d5e3f1e5a742ae02449304d1470b4a7144c4f5fc635f0f7e7585cb7
- SSDEEP
  
  768:DyV+hOv0phYwzIiRg0OAIWi3KEyUhL7b7Yqlf4JwQltjmtTBHi7AlK:DoFv+nzOL76Ezh/vYlJwAitTB3lK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence