a5c01b5f8ee0caf1fb64941c0e1db370b02e8a2517c5088fdc5df1bc78892df1 | Triage

Sharing

General

Target

a5c01b5f8ee0caf1fb64941c0e1db370b02e8a2517c5088fdc5df1bc78892df1
Size

152KB
Sample

221002-ath2jafacm
MD5

6e3ff23a5b765ff6c8768ce39fe4af60
SHA1

ed219ed7881c61aa433c6417649275dcaa135118
SHA256

a5c01b5f8ee0caf1fb64941c0e1db370b02e8a2517c5088fdc5df1bc78892df1
SHA512

eb39fdef65c1a0cb1953696db349378a008330344d5ef49fabb5075a753a017a81a3777f7de0d0cdf42c8e5971605d84d6d59602fbe10c2d64940be3062d0092
SSDEEP

3072:0hUFgdTQtKrueiygR4O6avJamofCoE5j4oQ5:Jg9QtKSMgR56avUmXdk

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a5c01b5f8ee0caf1fb64941c0e1db370b02e8a2517c5088fdc5df1bc78892df1
- Size
  
  152KB
- MD5
  
  6e3ff23a5b765ff6c8768ce39fe4af60
- SHA1
  
  ed219ed7881c61aa433c6417649275dcaa135118
- SHA256
  
  a5c01b5f8ee0caf1fb64941c0e1db370b02e8a2517c5088fdc5df1bc78892df1
- SHA512
  
  eb39fdef65c1a0cb1953696db349378a008330344d5ef49fabb5075a753a017a81a3777f7de0d0cdf42c8e5971605d84d6d59602fbe10c2d64940be3062d0092
- SSDEEP
  
  3072:0hUFgdTQtKrueiygR4O6avJamofCoE5j4oQ5:Jg9QtKSMgR56avUmXdk
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence