42b6212a87d94e944b1989854d6a76e150a1526d09b7f1a4077e1abb81830019 | Triage

Sharing

General

Target

42b6212a87d94e944b1989854d6a76e150a1526d09b7f1a4077e1abb81830019
Size

116KB
Sample

220919-bbpxssheg7
MD5

bc855de407600be582e63e1340f12786
SHA1

9eed0af59ed5c2e9c84f1b8c05e74a70ead3e1a3
SHA256

42b6212a87d94e944b1989854d6a76e150a1526d09b7f1a4077e1abb81830019
SHA512

7d6048bfee8a28983dd5281a6f4cf44799685867a261beb9b29c6fc0735d40ef1a56c51c2564d39c677a5a500a4da728a7351af46de3c009d75442da5f6fe453
SSDEEP

1536:lZpxoV++We8Kw6KBOIW4Z8HO1Zwt0f4HeDUEdMOPy9sbgN2wo7JaS1:fp7+WefIr1ZNDUEdTwQL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  42b6212a87d94e944b1989854d6a76e150a1526d09b7f1a4077e1abb81830019
- Size
  
  116KB
- MD5
  
  bc855de407600be582e63e1340f12786
- SHA1
  
  9eed0af59ed5c2e9c84f1b8c05e74a70ead3e1a3
- SHA256
  
  42b6212a87d94e944b1989854d6a76e150a1526d09b7f1a4077e1abb81830019
- SHA512
  
  7d6048bfee8a28983dd5281a6f4cf44799685867a261beb9b29c6fc0735d40ef1a56c51c2564d39c677a5a500a4da728a7351af46de3c009d75442da5f6fe453
- SSDEEP
  
  1536:lZpxoV++We8Kw6KBOIW4Z8HO1Zwt0f4HeDUEdMOPy9sbgN2wo7JaS1:fp7+WefIr1ZNDUEdTwQL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence