c4296bc4f7e21ff80269545c2cc62e2dcd9ff17c23c788441945b13c33143418 | Triage

Sharing

General

Target

c4296bc4f7e21ff80269545c2cc62e2dcd9ff17c23c788441945b13c33143418
Size

120KB
Sample

221004-ext1escab8
MD5

53c8cf3248b56ceda5d9563363607566
SHA1

a220aa9e0845c4ed9e29c2d41dc2f2dd4efb193b
SHA256

c4296bc4f7e21ff80269545c2cc62e2dcd9ff17c23c788441945b13c33143418
SHA512

79248618f765ec4509e6b243ac7e27a01cf2fb567f7c9bd8751445e44835b6cf5d540af4678b5cfd04bb63b1b0bee4d21f90fad03b307095bff9b1dbf1a4d8ad
SSDEEP

1536:tusUZAfeEvVkdXGE2Mtf9oUrUQKVQg9F5tkV7pjuX5e6wTeU/60hQHy4kt5r:/UAemVkR2MtF3SV9qThay5r

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c4296bc4f7e21ff80269545c2cc62e2dcd9ff17c23c788441945b13c33143418
- Size
  
  120KB
- MD5
  
  53c8cf3248b56ceda5d9563363607566
- SHA1
  
  a220aa9e0845c4ed9e29c2d41dc2f2dd4efb193b
- SHA256
  
  c4296bc4f7e21ff80269545c2cc62e2dcd9ff17c23c788441945b13c33143418
- SHA512
  
  79248618f765ec4509e6b243ac7e27a01cf2fb567f7c9bd8751445e44835b6cf5d540af4678b5cfd04bb63b1b0bee4d21f90fad03b307095bff9b1dbf1a4d8ad
- SSDEEP
  
  1536:tusUZAfeEvVkdXGE2Mtf9oUrUQKVQg9F5tkV7pjuX5e6wTeU/60hQHy4kt5r:/UAemVkR2MtF3SV9qThay5r
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence