4b12050551511a13ee3792cda15253bcae70bcc612109e0fe401ba70ca7d5d71 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b12050551511a13ee3792cda15253bcae70bcc612109e0fe401ba70ca7d5d71
Size

332KB
Sample

221003-gyk51sahg3
MD5

48e63069b545fb74e75ab4d5a0b5fe46
SHA1

b74226b34ae8658d2363c418ae20d2b1bfc84121
SHA256

4b12050551511a13ee3792cda15253bcae70bcc612109e0fe401ba70ca7d5d71
SHA512

51e8dedb19f8c348e9b38dddc1a496dca13eb6e2daccc5d7158600192484f1cdf0a2dee0caf7228646066cbef45bbdde133a6f9eac06acf3468206c990d53bbe
SSDEEP

3072:Wq9jSeaNx+zuD7mEVSuekhGkYrQRVZq3eFo4ejLnlQISQLpyhZu6qyKtrlbHrs2R:S5Nx+A2WGk1Y3nmQcuyKdFrs2OXu1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4b12050551511a13ee3792cda15253bcae70bcc612109e0fe401ba70ca7d5d71
- Size
  
  332KB
- MD5
  
  48e63069b545fb74e75ab4d5a0b5fe46
- SHA1
  
  b74226b34ae8658d2363c418ae20d2b1bfc84121
- SHA256
  
  4b12050551511a13ee3792cda15253bcae70bcc612109e0fe401ba70ca7d5d71
- SHA512
  
  51e8dedb19f8c348e9b38dddc1a496dca13eb6e2daccc5d7158600192484f1cdf0a2dee0caf7228646066cbef45bbdde133a6f9eac06acf3468206c990d53bbe
- SSDEEP
  
  3072:Wq9jSeaNx+zuD7mEVSuekhGkYrQRVZq3eFo4ejLnlQISQLpyhZu6qyKtrlbHrs2R:S5Nx+A2WGk1Y3nmQcuyKdFrs2OXu1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence