dc8bf26cffc1751ac3137416ee44f79fd9d6d4e6a415f75e42e9bb6ad8e36bff | Triage

Sharing

General

Target

dc8bf26cffc1751ac3137416ee44f79fd9d6d4e6a415f75e42e9bb6ad8e36bff
Size

240KB
Sample

221002-az927seae7
MD5

5ff79ca7f73cc053b8b838d9ac45f710
SHA1

7876689e361d401fd4ee115c78ed989a7fdcc975
SHA256

dc8bf26cffc1751ac3137416ee44f79fd9d6d4e6a415f75e42e9bb6ad8e36bff
SHA512

11a8787a99b9058e98ae856d70d52b8d78b1262774938cd15ffe70497e263e6740113aae16ba7073918b0c5c192e1cf62c6b21fc9c05ce8db1b38527a8f4aafc
SSDEEP

3072:kGaUuRW+zbfMjS2BXeWBFcAfqTEBRjefrfRLfN561PHuh07MYW6:kFvFD2peScAfA0jCfr567p

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  dc8bf26cffc1751ac3137416ee44f79fd9d6d4e6a415f75e42e9bb6ad8e36bff
- Size
  
  240KB
- MD5
  
  5ff79ca7f73cc053b8b838d9ac45f710
- SHA1
  
  7876689e361d401fd4ee115c78ed989a7fdcc975
- SHA256
  
  dc8bf26cffc1751ac3137416ee44f79fd9d6d4e6a415f75e42e9bb6ad8e36bff
- SHA512
  
  11a8787a99b9058e98ae856d70d52b8d78b1262774938cd15ffe70497e263e6740113aae16ba7073918b0c5c192e1cf62c6b21fc9c05ce8db1b38527a8f4aafc
- SSDEEP
  
  3072:kGaUuRW+zbfMjS2BXeWBFcAfqTEBRjefrfRLfN561PHuh07MYW6:kFvFD2peScAfA0jCfr567p
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence