ab85473efa31b3380674057296aff410bac4313de690ed4d965fdc8167bc87be | Triage

Sharing

General

Target

ab85473efa31b3380674057296aff410bac4313de690ed4d965fdc8167bc87be
Size

124KB
Sample

221011-bzszcshecl
MD5

68a83e7b25332564030d2fd30b14ae20
SHA1

bf550cd9fc313723ccebf5e2a9dc1e8dd7557342
SHA256

ab85473efa31b3380674057296aff410bac4313de690ed4d965fdc8167bc87be
SHA512

79b6abb219c11006264238228b6e39bc2fd9e87ce5056112560cc01003494810d5fed5bfffd9fedde8c5bf87281ce4af75ea08db428ed0ee618e0618231bedb8
SSDEEP

1536:50ceYl02OnF7qnJiq6H48O6j6/t66366Z6Jz36k6eA66KD6sqG/Oji6FA8HxAH6C:GZD2OnF7qJS3e50wMZZZZWMkIJ26

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ab85473efa31b3380674057296aff410bac4313de690ed4d965fdc8167bc87be
- Size
  
  124KB
- MD5
  
  68a83e7b25332564030d2fd30b14ae20
- SHA1
  
  bf550cd9fc313723ccebf5e2a9dc1e8dd7557342
- SHA256
  
  ab85473efa31b3380674057296aff410bac4313de690ed4d965fdc8167bc87be
- SHA512
  
  79b6abb219c11006264238228b6e39bc2fd9e87ce5056112560cc01003494810d5fed5bfffd9fedde8c5bf87281ce4af75ea08db428ed0ee618e0618231bedb8
- SSDEEP
  
  1536:50ceYl02OnF7qnJiq6H48O6j6/t66366Z6Jz36k6eA66KD6sqG/Oji6FA8HxAH6C:GZD2OnF7qJS3e50wMZZZZWMkIJ26
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence