30f9ec52bb77f32611618ddd02af5f28d03aa2714f0adc8f90595c7bfe1adaba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30f9ec52bb77f32611618ddd02af5f28d03aa2714f0adc8f90595c7bfe1adaba
Size

196KB
Sample

221002-asbwtsdfe4
MD5

6e5d028b07b57057aa2a659a7d4d72f0
SHA1

3e9ecad33ca5414f3517ba1e44eb68d08b7a36b6
SHA256

30f9ec52bb77f32611618ddd02af5f28d03aa2714f0adc8f90595c7bfe1adaba
SHA512

a59dda40451bf16162a0e87e52a5b5840af6f19d034f62423363f64d44c412703fab8aafa7dc73f28fb9006d3c0e0cb9809a291bcc1be08e1dfc0917feb2f08b
SSDEEP

6144:Er4K16oTJWvfU4+bOl8femcK/fObT/bGimszUg7WqaJ:CAoTMvs4+bOlNK/fObT/bGip77gJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  30f9ec52bb77f32611618ddd02af5f28d03aa2714f0adc8f90595c7bfe1adaba
- Size
  
  196KB
- MD5
  
  6e5d028b07b57057aa2a659a7d4d72f0
- SHA1
  
  3e9ecad33ca5414f3517ba1e44eb68d08b7a36b6
- SHA256
  
  30f9ec52bb77f32611618ddd02af5f28d03aa2714f0adc8f90595c7bfe1adaba
- SHA512
  
  a59dda40451bf16162a0e87e52a5b5840af6f19d034f62423363f64d44c412703fab8aafa7dc73f28fb9006d3c0e0cb9809a291bcc1be08e1dfc0917feb2f08b
- SSDEEP
  
  6144:Er4K16oTJWvfU4+bOl8femcK/fObT/bGimszUg7WqaJ:CAoTMvs4+bOlNK/fObT/bGip77gJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence