f4f0556fa8148909bc0c920d4081c83510a146018d8d0f6efeb31fe0199f978d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4f0556fa8148909bc0c920d4081c83510a146018d8d0f6efeb31fe0199f978d
Size

212KB
Sample

221003-c4rsjaceg4
MD5

0510db6ea705d852a50996ec13e616e9
SHA1

2ee1a906ab722d16655aae4ac4f0f46435273e6c
SHA256

f4f0556fa8148909bc0c920d4081c83510a146018d8d0f6efeb31fe0199f978d
SHA512

bf3cb13b30ac99415b36dfe9321f31dd8fb0498e8589440618311c553c3e8271c34a2594b26ca33d2afa3d20140e0ea508eda2b654c782b1d142e9b27ca83a06
SSDEEP

6144:0CKb9FwzWQ52O8J0bqihew3b7KvfCBnn78MDxG6oRKnvmb7/D26NhHmpfXJNRSf:rKhFwh/8J0egew3bevfY78MDxG6oRKnY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f4f0556fa8148909bc0c920d4081c83510a146018d8d0f6efeb31fe0199f978d
- Size
  
  212KB
- MD5
  
  0510db6ea705d852a50996ec13e616e9
- SHA1
  
  2ee1a906ab722d16655aae4ac4f0f46435273e6c
- SHA256
  
  f4f0556fa8148909bc0c920d4081c83510a146018d8d0f6efeb31fe0199f978d
- SHA512
  
  bf3cb13b30ac99415b36dfe9321f31dd8fb0498e8589440618311c553c3e8271c34a2594b26ca33d2afa3d20140e0ea508eda2b654c782b1d142e9b27ca83a06
- SSDEEP
  
  6144:0CKb9FwzWQ52O8J0bqihew3b7KvfCBnn78MDxG6oRKnvmb7/D26NhHmpfXJNRSf:rKhFwh/8J0egew3bevfY78MDxG6oRKnY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence