21aa018b377d4e22f8d58ade6adfbac2263ae51fcb07cb6a5b959a6c21e6cf75 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21aa018b377d4e22f8d58ade6adfbac2263ae51fcb07cb6a5b959a6c21e6cf75
Size

212KB
Sample

221002-jht44afdgm
MD5

75afd7776f1ddbe20ab000eadb644dd0
SHA1

35a8e86f65764017e93ac8148b9e7852e2340df2
SHA256

21aa018b377d4e22f8d58ade6adfbac2263ae51fcb07cb6a5b959a6c21e6cf75
SHA512

e1600f74638fda494abbc667f88c21fb1065291baddb785cf41344797264b2c5995458e8981627bc38434f549598754c6e7e1238d0585a5489818ac1820c63a1
SSDEEP

1536:nPVVLz2cGCG5QBLAx4cd9Lv2PElgWrY/NoN274B/K51ptaHElfTczp6Far2/AgA5:fLyL56Up++wNoN2N04A1osd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  21aa018b377d4e22f8d58ade6adfbac2263ae51fcb07cb6a5b959a6c21e6cf75
- Size
  
  212KB
- MD5
  
  75afd7776f1ddbe20ab000eadb644dd0
- SHA1
  
  35a8e86f65764017e93ac8148b9e7852e2340df2
- SHA256
  
  21aa018b377d4e22f8d58ade6adfbac2263ae51fcb07cb6a5b959a6c21e6cf75
- SHA512
  
  e1600f74638fda494abbc667f88c21fb1065291baddb785cf41344797264b2c5995458e8981627bc38434f549598754c6e7e1238d0585a5489818ac1820c63a1
- SSDEEP
  
  1536:nPVVLz2cGCG5QBLAx4cd9Lv2PElgWrY/NoN274B/K51ptaHElfTczp6Far2/AgA5:fLyL56Up++wNoN2N04A1osd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence