38df8ec8aa447b69c59fd0c1b50562f204aaad846ded53dee6f70e5a4d12e60e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38df8ec8aa447b69c59fd0c1b50562f204aaad846ded53dee6f70e5a4d12e60e
Size

124KB
Sample

220919-baklpadehj
MD5

0c57ff3c63a7f94b31a582d1195e370a
SHA1

34ee5413e0cee8fde861ee2405ca80fb33324625
SHA256

38df8ec8aa447b69c59fd0c1b50562f204aaad846ded53dee6f70e5a4d12e60e
SHA512

1adfbf3d73327bad352c5fd8695bf6e0865bef032b742ef56d88b199b5c2c06e9d976d9376afe927e38f89cb42ef46935273305f60ef666c88eee6bc6f33fbd1
SSDEEP

1536:itE8hwR1k9CuBxeDtMYHa27J14ltxporZ45igHNeG0hQ:uE8hwR1k9CkeV6gJ1uCt45VgQ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  38df8ec8aa447b69c59fd0c1b50562f204aaad846ded53dee6f70e5a4d12e60e
- Size
  
  124KB
- MD5
  
  0c57ff3c63a7f94b31a582d1195e370a
- SHA1
  
  34ee5413e0cee8fde861ee2405ca80fb33324625
- SHA256
  
  38df8ec8aa447b69c59fd0c1b50562f204aaad846ded53dee6f70e5a4d12e60e
- SHA512
  
  1adfbf3d73327bad352c5fd8695bf6e0865bef032b742ef56d88b199b5c2c06e9d976d9376afe927e38f89cb42ef46935273305f60ef666c88eee6bc6f33fbd1
- SSDEEP
  
  1536:itE8hwR1k9CuBxeDtMYHa27J14ltxporZ45igHNeG0hQ:uE8hwR1k9CkeV6gJ1uCt45VgQ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence