62abd12ac2344265b354ecffb2e8f6d703fe21073ab0b7feb52705d3ce2f6ee5 | Triage

Sharing

General

Target

62abd12ac2344265b354ecffb2e8f6d703fe21073ab0b7feb52705d3ce2f6ee5.exe
Size

160KB
Sample

241126-blke3asrdj
MD5

3595389d5cdacde9cd01517f0091e4c8
SHA1

d2a71de77475791461638e750c2984d70eaae37d
SHA256

62abd12ac2344265b354ecffb2e8f6d703fe21073ab0b7feb52705d3ce2f6ee5
SHA512

ea07d5de8ac76ab96ecbeef3716923a8e0929010e6eebf8e2db9b6f6b0407ae0e0e9a41e2b0b6ef0875de29cde352b2cb3b804b558da453f2a27e307bdd9dcf8
SSDEEP

3072:DaSkYE/3ZFUHdwPQqx84k+bE3MXf6kVGbF3N7VgKudNHW:ejJ/jUGoeb0MXf6kVGbF3XK2

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  62abd12ac2344265b354ecffb2e8f6d703fe21073ab0b7feb52705d3ce2f6ee5.exe
- Size
  
  160KB
- MD5
  
  3595389d5cdacde9cd01517f0091e4c8
- SHA1
  
  d2a71de77475791461638e750c2984d70eaae37d
- SHA256
  
  62abd12ac2344265b354ecffb2e8f6d703fe21073ab0b7feb52705d3ce2f6ee5
- SHA512
  
  ea07d5de8ac76ab96ecbeef3716923a8e0929010e6eebf8e2db9b6f6b0407ae0e0e9a41e2b0b6ef0875de29cde352b2cb3b804b558da453f2a27e307bdd9dcf8
- SSDEEP
  
  3072:DaSkYE/3ZFUHdwPQqx84k+bE3MXf6kVGbF3N7VgKudNHW:ejJ/jUGoeb0MXf6kVGbF3XK2
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence