35a0460b2393be4815629c1a8b4f78a422b5a9cad0708136b730fdd2b9ea6442 | Triage

Sharing

General

Target

35a0460b2393be4815629c1a8b4f78a422b5a9cad0708136b730fdd2b9ea6442
Size

176KB
Sample

221002-s1w6vacgd4
MD5

348762092bc9abda67b6c23400227160
SHA1

aa5d2023759c4350db0936263176d58d818c2aaa
SHA256

35a0460b2393be4815629c1a8b4f78a422b5a9cad0708136b730fdd2b9ea6442
SHA512

2c64db8b89d587ea7d45e716814c2d6fb67cb2904cf92a983e93b2c18180ca940af8e82f7bb6c7ad1348255d8611edd2989e1bc562faa10bcd5efb88b18bd4c6
SSDEEP

3072:yZrHtNHLk2URFGAJb4O3JDmSufeHcpF3eKatFyK/fObT/bGiyrDmwBWbrVELTiBx:oBN3URMAJb4O3JDm9feHcpF3DjK/fObF

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  35a0460b2393be4815629c1a8b4f78a422b5a9cad0708136b730fdd2b9ea6442
- Size
  
  176KB
- MD5
  
  348762092bc9abda67b6c23400227160
- SHA1
  
  aa5d2023759c4350db0936263176d58d818c2aaa
- SHA256
  
  35a0460b2393be4815629c1a8b4f78a422b5a9cad0708136b730fdd2b9ea6442
- SHA512
  
  2c64db8b89d587ea7d45e716814c2d6fb67cb2904cf92a983e93b2c18180ca940af8e82f7bb6c7ad1348255d8611edd2989e1bc562faa10bcd5efb88b18bd4c6
- SSDEEP
  
  3072:yZrHtNHLk2URFGAJb4O3JDmSufeHcpF3eKatFyK/fObT/bGiyrDmwBWbrVELTiBx:oBN3URMAJb4O3JDm9feHcpF3DjK/fObF
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence