c5c4436278cc8635e9f4188c5928fe9dec34d1d193c18a150733a5a39270c28f | Triage

Sharing

General

Target

c5c4436278cc8635e9f4188c5928fe9dec34d1d193c18a150733a5a39270c28f
Size

244KB
Sample

221003-dvjk8sdhc7
MD5

640d3f282dea4e2567fe3b85a9cbecd0
SHA1

fe7139a0ce48f3284acca776a42b1116b1d191e5
SHA256

c5c4436278cc8635e9f4188c5928fe9dec34d1d193c18a150733a5a39270c28f
SHA512

32048c8dc25f99469686046e104830bb2dcf40310cbca37ce0ac8428b70beecb30f058162f83611afc42794957ef3d512c4d6d6d0110057e89dba2e5f1f2f624
SSDEEP

768:1lvMaHYJ6vmyFwbjMPkG1VuW/wqvRXMXp677yCzdXZRT2Nq1MaQnepMri14PGBEv:1Rl4Jgmy6lGVs4emEFbMP0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c5c4436278cc8635e9f4188c5928fe9dec34d1d193c18a150733a5a39270c28f
- Size
  
  244KB
- MD5
  
  640d3f282dea4e2567fe3b85a9cbecd0
- SHA1
  
  fe7139a0ce48f3284acca776a42b1116b1d191e5
- SHA256
  
  c5c4436278cc8635e9f4188c5928fe9dec34d1d193c18a150733a5a39270c28f
- SHA512
  
  32048c8dc25f99469686046e104830bb2dcf40310cbca37ce0ac8428b70beecb30f058162f83611afc42794957ef3d512c4d6d6d0110057e89dba2e5f1f2f624
- SSDEEP
  
  768:1lvMaHYJ6vmyFwbjMPkG1VuW/wqvRXMXp677yCzdXZRT2Nq1MaQnepMri14PGBEv:1Rl4Jgmy6lGVs4emEFbMP0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence