99cabc68f009aed07f4665a75cc4646c4971ef6283fc1b30ad4d859f578af042 | Triage

Sharing

General

Target

99cabc68f009aed07f4665a75cc4646c4971ef6283fc1b30ad4d859f578af042
Size

220KB
Sample

221002-a2hezaeba5
MD5

67c8f486d2177a86deda05a7510bfeb0
SHA1

e58cfdba6448f9d9a0c778905558d2d55702f6d8
SHA256

99cabc68f009aed07f4665a75cc4646c4971ef6283fc1b30ad4d859f578af042
SHA512

810e35c343594421a60b98e0621189b821e6e327cc6c687453e6e52d85805533f5460b3784ae71961c887e446fa86a2f1d193c238cf47bad7be0acfbd42e50ca
SSDEEP

3072:r6/LmS99vs6v5gVzaSCzJ0rJOz01JW69SZ5qK:sLmS9l1gzRa08yK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  99cabc68f009aed07f4665a75cc4646c4971ef6283fc1b30ad4d859f578af042
- Size
  
  220KB
- MD5
  
  67c8f486d2177a86deda05a7510bfeb0
- SHA1
  
  e58cfdba6448f9d9a0c778905558d2d55702f6d8
- SHA256
  
  99cabc68f009aed07f4665a75cc4646c4971ef6283fc1b30ad4d859f578af042
- SHA512
  
  810e35c343594421a60b98e0621189b821e6e327cc6c687453e6e52d85805533f5460b3784ae71961c887e446fa86a2f1d193c238cf47bad7be0acfbd42e50ca
- SSDEEP
  
  3072:r6/LmS99vs6v5gVzaSCzJ0rJOz01JW69SZ5qK:sLmS9l1gzRa08yK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence