0a2d11f917edcb758b1c417fc95d9dbaff6265c8a451cc339100afc92075016e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a2d11f917edcb758b1c417fc95d9dbaff6265c8a451cc339100afc92075016e
Size

128KB
Sample

221003-j64nfagcbq
MD5

68b8f085ef2eda3c3f47e11d09d3ccd0
SHA1

4a1f9b84d04927477d5e5137de172f78e7baa2f9
SHA256

0a2d11f917edcb758b1c417fc95d9dbaff6265c8a451cc339100afc92075016e
SHA512

a92af16d9933f00a03c736d15ec8d1d491047d61dbc5946954b17bbc3635a93c8ad10411c085886267f6297feed501b0942b28b563c531d422e48b71b647cf1c
SSDEEP

3072:I3wu13y4CpCfCGCCOCwC9CvCFCfCLCvCUCLC2FInROUSRSGSuSQSmSNS4SQSsSTV:hu13yGFInRO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0a2d11f917edcb758b1c417fc95d9dbaff6265c8a451cc339100afc92075016e
- Size
  
  128KB
- MD5
  
  68b8f085ef2eda3c3f47e11d09d3ccd0
- SHA1
  
  4a1f9b84d04927477d5e5137de172f78e7baa2f9
- SHA256
  
  0a2d11f917edcb758b1c417fc95d9dbaff6265c8a451cc339100afc92075016e
- SHA512
  
  a92af16d9933f00a03c736d15ec8d1d491047d61dbc5946954b17bbc3635a93c8ad10411c085886267f6297feed501b0942b28b563c531d422e48b71b647cf1c
- SSDEEP
  
  3072:I3wu13y4CpCfCGCCOCwC9CvCFCfCLCvCUCLC2FInROUSRSGSuSQSmSNS4SQSsSTV:hu13yGFInRO
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence