16ac84c9b9091e6f7bfec476a6806c5442b2a1d845ee26dcd49e921e4537342f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16ac84c9b9091e6f7bfec476a6806c5442b2a1d845ee26dcd49e921e4537342f
Size

244KB
Sample

221002-jldlhsecd3
MD5

565f945de43648a216f7ed27077a6277
SHA1

7280a5218d956075ccc12bb49008b1f9a297fc51
SHA256

16ac84c9b9091e6f7bfec476a6806c5442b2a1d845ee26dcd49e921e4537342f
SHA512

cc0d03829d458f0e6e8fab3bca28afc1c755c75fc161722ad2164179b7369f96a3b95cd3f0d4c9e7620aaedd61b1acb9dbe4be6d0cce1c79bada328b0474fabe
SSDEEP

6144:fgw8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFGi:fD8DFe0qip4rZNOm3FAG7H59R7g0fY4f

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  16ac84c9b9091e6f7bfec476a6806c5442b2a1d845ee26dcd49e921e4537342f
- Size
  
  244KB
- MD5
  
  565f945de43648a216f7ed27077a6277
- SHA1
  
  7280a5218d956075ccc12bb49008b1f9a297fc51
- SHA256
  
  16ac84c9b9091e6f7bfec476a6806c5442b2a1d845ee26dcd49e921e4537342f
- SHA512
  
  cc0d03829d458f0e6e8fab3bca28afc1c755c75fc161722ad2164179b7369f96a3b95cd3f0d4c9e7620aaedd61b1acb9dbe4be6d0cce1c79bada328b0474fabe
- SSDEEP
  
  6144:fgw8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFGi:fD8DFe0qip4rZNOm3FAG7H59R7g0fY4f
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence