b11c4eada5f471d2b8a747feab6228900cf345b086ae3815a989f49ae909fac6 | Triage

Sharing

General

Target

b11c4eada5f471d2b8a747feab6228900cf345b086ae3815a989f49ae909fac6
Size

152KB
Sample

220919-b34v2afacp
MD5

b8fb39cb94029ba2a7bc21a47cb416a7
SHA1

c118868cbe3e2417b87ca91901124d8b108b8767
SHA256

b11c4eada5f471d2b8a747feab6228900cf345b086ae3815a989f49ae909fac6
SHA512

80e22c547c706540a8fd64a1bc102ad0ac93cadc76c07cb1c3d75fd2dfc222d339a7575fbf9433657218321107765a88a846ffc7d372672cd8cfa1a1f521f3a4
SSDEEP

3072:uvhHSyzy+XsEndwEC+zOdO7VefRYcYN1rjGTxy4oQZiEW/xd:43O+XsEn64OdkoxblOWID

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b11c4eada5f471d2b8a747feab6228900cf345b086ae3815a989f49ae909fac6
- Size
  
  152KB
- MD5
  
  b8fb39cb94029ba2a7bc21a47cb416a7
- SHA1
  
  c118868cbe3e2417b87ca91901124d8b108b8767
- SHA256
  
  b11c4eada5f471d2b8a747feab6228900cf345b086ae3815a989f49ae909fac6
- SHA512
  
  80e22c547c706540a8fd64a1bc102ad0ac93cadc76c07cb1c3d75fd2dfc222d339a7575fbf9433657218321107765a88a846ffc7d372672cd8cfa1a1f521f3a4
- SSDEEP
  
  3072:uvhHSyzy+XsEndwEC+zOdO7VefRYcYN1rjGTxy4oQZiEW/xd:43O+XsEn64OdkoxblOWID
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence