c0bc1de86f71d1724083963e4a1031b2defa07f473c2281bb3860f76a094f38b | Triage

Sharing

General

Target

c0bc1de86f71d1724083963e4a1031b2defa07f473c2281bb3860f76a094f38b
Size

156KB
Sample

221002-aq52wsehcp
MD5

717e66cbcda10e096555e02a8dda1022
SHA1

230e6d6d26f8da94e4a0004543edcbc4f6139973
SHA256

c0bc1de86f71d1724083963e4a1031b2defa07f473c2281bb3860f76a094f38b
SHA512

6c9d23ab59b93dd00d0b77a2f23b44a10ebde17fac6ea0cb063dc64ecb75c319d4030b39b60fa09f1e66af70c0619974b8fe94d17091cfee4c8bd2b420d671ca
SSDEEP

3072:MBd1BE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANAKE5j4oQHZ:OdDE2R7Qvb4tQTaCeFP4ACd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c0bc1de86f71d1724083963e4a1031b2defa07f473c2281bb3860f76a094f38b
- Size
  
  156KB
- MD5
  
  717e66cbcda10e096555e02a8dda1022
- SHA1
  
  230e6d6d26f8da94e4a0004543edcbc4f6139973
- SHA256
  
  c0bc1de86f71d1724083963e4a1031b2defa07f473c2281bb3860f76a094f38b
- SHA512
  
  6c9d23ab59b93dd00d0b77a2f23b44a10ebde17fac6ea0cb063dc64ecb75c319d4030b39b60fa09f1e66af70c0619974b8fe94d17091cfee4c8bd2b420d671ca
- SSDEEP
  
  3072:MBd1BE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANAKE5j4oQHZ:OdDE2R7Qvb4tQTaCeFP4ACd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence