cdc8bd4b65bdc46e3b33ca3d4ff09e5a89603fd76468aa8dffaffbb1e950ea8d | Triage

Sharing

General

Target

cdc8bd4b65bdc46e3b33ca3d4ff09e5a89603fd76468aa8dffaffbb1e950ea8d
Size

88KB
Sample

221003-df56padcb3
MD5

6d33333a86b21312813b3c4f810ede20
SHA1

57634a174af1a4196e6a689f631d55919569b997
SHA256

cdc8bd4b65bdc46e3b33ca3d4ff09e5a89603fd76468aa8dffaffbb1e950ea8d
SHA512

28b91b7ee9f51605e28746bd9ddfc3adb053d3733d3717cc75414242b0c190e18a0981b748c271c6332b8a78c6394f2b7d912607fbf53015ac2821ab6872b7ff
SSDEEP

1536:NETwkNvg9rlFEJ71b2gYmHVwrESOQdGV4Hj:6TjaTiJ71bB+Gsj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cdc8bd4b65bdc46e3b33ca3d4ff09e5a89603fd76468aa8dffaffbb1e950ea8d
- Size
  
  88KB
- MD5
  
  6d33333a86b21312813b3c4f810ede20
- SHA1
  
  57634a174af1a4196e6a689f631d55919569b997
- SHA256
  
  cdc8bd4b65bdc46e3b33ca3d4ff09e5a89603fd76468aa8dffaffbb1e950ea8d
- SHA512
  
  28b91b7ee9f51605e28746bd9ddfc3adb053d3733d3717cc75414242b0c190e18a0981b748c271c6332b8a78c6394f2b7d912607fbf53015ac2821ab6872b7ff
- SSDEEP
  
  1536:NETwkNvg9rlFEJ71b2gYmHVwrESOQdGV4Hj:6TjaTiJ71bB+Gsj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence