9b1096d5a4cfa2392ab24c33328d4937fe6303c9702a1eb73c59eb018d0b931c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9b1096d5a4cfa2392ab24c33328d4937fe6303c9702a1eb73c59eb018d0b931c
Size

124KB
Sample

221001-x5vk2accc3
MD5

0030ebcc93d3a9e0d8de19ecb66ba2b0
SHA1

c3612cf8b71b0201d3710c106ef3336c76736642
SHA256

9b1096d5a4cfa2392ab24c33328d4937fe6303c9702a1eb73c59eb018d0b931c
SHA512

bce810822e8972fb57ea6ebdcb4bfb548821722d85a3d3bff683e12b80f1e098721e3b6be11a67eca293e5294c288be8e3af7228983235a7a2adc0ecf391b78d
SSDEEP

1536:5DbeEFFH1/67NxkiQixA+alh98r8Y9USv1jylgwo7JaSi:ZbeEFv/67gjH8ri82gwQU

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9b1096d5a4cfa2392ab24c33328d4937fe6303c9702a1eb73c59eb018d0b931c
- Size
  
  124KB
- MD5
  
  0030ebcc93d3a9e0d8de19ecb66ba2b0
- SHA1
  
  c3612cf8b71b0201d3710c106ef3336c76736642
- SHA256
  
  9b1096d5a4cfa2392ab24c33328d4937fe6303c9702a1eb73c59eb018d0b931c
- SHA512
  
  bce810822e8972fb57ea6ebdcb4bfb548821722d85a3d3bff683e12b80f1e098721e3b6be11a67eca293e5294c288be8e3af7228983235a7a2adc0ecf391b78d
- SSDEEP
  
  1536:5DbeEFFH1/67NxkiQixA+alh98r8Y9USv1jylgwo7JaSi:ZbeEFv/67gjH8ri82gwQU
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence