b0b0f1477c8d7752a5089083806fb583b8b0d64a275454eef2ddfd944ad0a6ee | Triage

Sharing

General

Target

b0b0f1477c8d7752a5089083806fb583b8b0d64a275454eef2ddfd944ad0a6ee
Size

192KB
Sample

221003-c7tfjacgc4
MD5

624125a1de0e915520e2ec60c921e610
SHA1

5c49c67938fac549b8509e495ad5d844a2a39b20
SHA256

b0b0f1477c8d7752a5089083806fb583b8b0d64a275454eef2ddfd944ad0a6ee
SHA512

1b46bbd04fdd657ac2f166b7bc9de10dec5cf0b3176f42551d9d226cff614801f1241ee009b717b87b844e1727913c21a5658944f80ea5e312e12a2c5d35fab3
SSDEEP

3072:4jjLIxdvKuGr7t5qCRFSoRQg/yqq9Kf5L/SV5qK:YiVCRFSoRQNC5L/hK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b0b0f1477c8d7752a5089083806fb583b8b0d64a275454eef2ddfd944ad0a6ee
- Size
  
  192KB
- MD5
  
  624125a1de0e915520e2ec60c921e610
- SHA1
  
  5c49c67938fac549b8509e495ad5d844a2a39b20
- SHA256
  
  b0b0f1477c8d7752a5089083806fb583b8b0d64a275454eef2ddfd944ad0a6ee
- SHA512
  
  1b46bbd04fdd657ac2f166b7bc9de10dec5cf0b3176f42551d9d226cff614801f1241ee009b717b87b844e1727913c21a5658944f80ea5e312e12a2c5d35fab3
- SSDEEP
  
  3072:4jjLIxdvKuGr7t5qCRFSoRQg/yqq9Kf5L/SV5qK:YiVCRFSoRQNC5L/hK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence