0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba | Triage

Sharing

General

Target

0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba
Size

132KB
Sample

221011-b65lqshff5
MD5

66a8968e23ddbe470e39525b2ac106f1
SHA1

40087e20932faae5762ad8dadf5f0dda6791cebf
SHA256

0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba
SHA512

4f3963d7da52c6baf8732a02cb032f67457867473dd4a02017747c9e33d007372f4e41791427ffd51149b8b0288848aa1532309282b04611524dd9e567eb08e3
SSDEEP

3072:IHhwYCmNLBVWTynxskcq4CzlNV3bXkdCS31YaTl:kCklVlx0lGlz3bXkN31Ys

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba
- Size
  
  132KB
- MD5
  
  66a8968e23ddbe470e39525b2ac106f1
- SHA1
  
  40087e20932faae5762ad8dadf5f0dda6791cebf
- SHA256
  
  0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba
- SHA512
  
  4f3963d7da52c6baf8732a02cb032f67457867473dd4a02017747c9e33d007372f4e41791427ffd51149b8b0288848aa1532309282b04611524dd9e567eb08e3
- SSDEEP
  
  3072:IHhwYCmNLBVWTynxskcq4CzlNV3bXkdCS31YaTl:kCklVlx0lGlz3bXkN31Ys
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence