0b4ab6b9644997979b1e519a6e16ba3f1ecbd5087f9c85a5f66594ec0ecc45b0 | Triage

Sharing

General

Target

0b4ab6b9644997979b1e519a6e16ba3f1ecbd5087f9c85a5f66594ec0ecc45b0
Size

192KB
Sample

221002-h28wxsddd6
MD5

515bbd1877064455ca2d3d21f2a44a20
SHA1

ec7682773685df6af68ac9e92a817a877dedca3f
SHA256

0b4ab6b9644997979b1e519a6e16ba3f1ecbd5087f9c85a5f66594ec0ecc45b0
SHA512

c13d5a2c4498de713eb08c10ec72bd9e6b6812c8aec49476824c36edd18aa7d8511ef4b7cc58bd92b24a670fa777b7567f030171322faf42f1adcbfe4d870494
SSDEEP

3072:wu8+XROOBrpM3lt0bqO4deKIpS2Q9tC3UwtxaTSGzGXDzp8D8OJbhaDDe3oZO:oOBr63cbqO40K394aTSGzGZ8ognYM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0b4ab6b9644997979b1e519a6e16ba3f1ecbd5087f9c85a5f66594ec0ecc45b0
- Size
  
  192KB
- MD5
  
  515bbd1877064455ca2d3d21f2a44a20
- SHA1
  
  ec7682773685df6af68ac9e92a817a877dedca3f
- SHA256
  
  0b4ab6b9644997979b1e519a6e16ba3f1ecbd5087f9c85a5f66594ec0ecc45b0
- SHA512
  
  c13d5a2c4498de713eb08c10ec72bd9e6b6812c8aec49476824c36edd18aa7d8511ef4b7cc58bd92b24a670fa777b7567f030171322faf42f1adcbfe4d870494
- SSDEEP
  
  3072:wu8+XROOBrpM3lt0bqO4deKIpS2Q9tC3UwtxaTSGzGXDzp8D8OJbhaDDe3oZO:oOBr63cbqO40K394aTSGzGZ8ognYM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence