5dcc16e09c52ba14bf88c40b8d53c5518a72c7175952bd9028996d46dba97441 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dcc16e09c52ba14bf88c40b8d53c5518a72c7175952bd9028996d46dba97441
Size

212KB
Sample

221002-ahb4vadbg9
MD5

74266ba21dd9e662f4b9b01356d91e3d
SHA1

63d4982aab8c74d74a639845a8eba43490bda65f
SHA256

5dcc16e09c52ba14bf88c40b8d53c5518a72c7175952bd9028996d46dba97441
SHA512

ae7399c0153116fa2c3252fd68e5b07b6c0ae24f267c471f1bb085079dd4359b5c1fb30640bd1e16dac8df3739370e636a15218d9d9a8aa0c357d7df25a18fcc
SSDEEP

3072:rCIPD2DUGkT9EbzcAXp4wiY3fXfLqus2RrMh9VsgV2Ksb+ET8/3XYhPR+fA4eZwt:GUGkTwtdysb+UQnMs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5dcc16e09c52ba14bf88c40b8d53c5518a72c7175952bd9028996d46dba97441
- Size
  
  212KB
- MD5
  
  74266ba21dd9e662f4b9b01356d91e3d
- SHA1
  
  63d4982aab8c74d74a639845a8eba43490bda65f
- SHA256
  
  5dcc16e09c52ba14bf88c40b8d53c5518a72c7175952bd9028996d46dba97441
- SHA512
  
  ae7399c0153116fa2c3252fd68e5b07b6c0ae24f267c471f1bb085079dd4359b5c1fb30640bd1e16dac8df3739370e636a15218d9d9a8aa0c357d7df25a18fcc
- SSDEEP
  
  3072:rCIPD2DUGkT9EbzcAXp4wiY3fXfLqus2RrMh9VsgV2Ksb+ET8/3XYhPR+fA4eZwt:GUGkTwtdysb+UQnMs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence