8df451e874f4246e877ed9bbb07b53039764fe74a0c5077c02f05e25264596b7 | Triage

Sharing

General

Target

8df451e874f4246e877ed9bbb07b53039764fe74a0c5077c02f05e25264596b7
Size

116KB
Sample

220919-beabhshgb3
MD5

1e53a4a0891621320d8f53c698676281
SHA1

b64dfb8f637f2a7e0b807d48a66f11f44e1c6331
SHA256

8df451e874f4246e877ed9bbb07b53039764fe74a0c5077c02f05e25264596b7
SHA512

e708aff577195658708c7d1043c4fa8cf9901c5794d3ee9533566dec4501591b76ff8f8de199a0ebe1d72d80b898381ec4b1b81d365fef38b2b716d65146b220
SSDEEP

3072:s0T94Xnr99Rx7D/ONLd01eWkVkMfwYHX0WRSO:dZ477D2NLd01eWkVkMfwYHEWRn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8df451e874f4246e877ed9bbb07b53039764fe74a0c5077c02f05e25264596b7
- Size
  
  116KB
- MD5
  
  1e53a4a0891621320d8f53c698676281
- SHA1
  
  b64dfb8f637f2a7e0b807d48a66f11f44e1c6331
- SHA256
  
  8df451e874f4246e877ed9bbb07b53039764fe74a0c5077c02f05e25264596b7
- SHA512
  
  e708aff577195658708c7d1043c4fa8cf9901c5794d3ee9533566dec4501591b76ff8f8de199a0ebe1d72d80b898381ec4b1b81d365fef38b2b716d65146b220
- SSDEEP
  
  3072:s0T94Xnr99Rx7D/ONLd01eWkVkMfwYHX0WRSO:dZ477D2NLd01eWkVkMfwYHEWRn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence