dbaf6ce37aaa93171e8b677262abda5265559902e73f9b6f0905bf097b2f22c1 | Triage

Sharing

General

Target

dbaf6ce37aaa93171e8b677262abda5265559902e73f9b6f0905bf097b2f22c1
Size

132KB
Sample

221011-b8cczahgc2
MD5

68fe5d93ad05dbe212612ec95c707f70
SHA1

e32a2b8d2429ee5ccd20e70d6523cf1d51e43424
SHA256

dbaf6ce37aaa93171e8b677262abda5265559902e73f9b6f0905bf097b2f22c1
SHA512

9705aa72415d227d26bf522515854f430300a9f251dd8683000abcc0ca1fa034a8b5aff666e8b0e80c8381b273878b74ed760e7b117d540e74b9f770d3cc0d45
SSDEEP

3072:q3k/YPrdVfWM8RM/8KmwBErXXFefQmD8ampj8ibxm:h/cX8/KmwBEjXFeos8aCAi8

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  dbaf6ce37aaa93171e8b677262abda5265559902e73f9b6f0905bf097b2f22c1
- Size
  
  132KB
- MD5
  
  68fe5d93ad05dbe212612ec95c707f70
- SHA1
  
  e32a2b8d2429ee5ccd20e70d6523cf1d51e43424
- SHA256
  
  dbaf6ce37aaa93171e8b677262abda5265559902e73f9b6f0905bf097b2f22c1
- SHA512
  
  9705aa72415d227d26bf522515854f430300a9f251dd8683000abcc0ca1fa034a8b5aff666e8b0e80c8381b273878b74ed760e7b117d540e74b9f770d3cc0d45
- SSDEEP
  
  3072:q3k/YPrdVfWM8RM/8KmwBErXXFefQmD8ampj8ibxm:h/cX8/KmwBEjXFeos8aCAi8
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence