289f98a5699f61ef7bd451d422c6e16302dee6d12d02a4af51c7aa6abf7acd4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

289f98a5699f61ef7bd451d422c6e16302dee6d12d02a4af51c7aa6abf7acd4a
Size

148KB
Sample

221011-ednpasdbg7
MD5

56257a377fa25ffdded153e162fc79e0
SHA1

3793dbf4a5372542c8a8bdc0350c96bd0df714f8
SHA256

289f98a5699f61ef7bd451d422c6e16302dee6d12d02a4af51c7aa6abf7acd4a
SHA512

7b6ffb9c256c57633f3b15f8c719d2928c71748837c24ecff457ffd7e95f7eff843efb4ac1280b921610e041eed0ec044b1b4ce7c14a66dd1f8b8960bdcb216a
SSDEEP

3072:vena7xbbWu/3dwToMYMoBSJuKQ/JGWcKwYk6U+Q:vena9Wu/3+4diWPwY+Z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  289f98a5699f61ef7bd451d422c6e16302dee6d12d02a4af51c7aa6abf7acd4a
- Size
  
  148KB
- MD5
  
  56257a377fa25ffdded153e162fc79e0
- SHA1
  
  3793dbf4a5372542c8a8bdc0350c96bd0df714f8
- SHA256
  
  289f98a5699f61ef7bd451d422c6e16302dee6d12d02a4af51c7aa6abf7acd4a
- SHA512
  
  7b6ffb9c256c57633f3b15f8c719d2928c71748837c24ecff457ffd7e95f7eff843efb4ac1280b921610e041eed0ec044b1b4ce7c14a66dd1f8b8960bdcb216a
- SSDEEP
  
  3072:vena7xbbWu/3dwToMYMoBSJuKQ/JGWcKwYk6U+Q:vena9Wu/3+4diWPwY+Z
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence