4f4c68503398cde9d37ccbcadf095230d9fb49a1d74d5ad77b617c288f95f1a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f4c68503398cde9d37ccbcadf095230d9fb49a1d74d5ad77b617c288f95f1a9
Size

300KB
Sample

221011-y4a1nscher
MD5

6e0b44c30c0a20a18466fc5d2b10aa10
SHA1

2102c8adffe3d10e4dd98ece7916cffd2eab149a
SHA256

4f4c68503398cde9d37ccbcadf095230d9fb49a1d74d5ad77b617c288f95f1a9
SHA512

0874cdb296aba31a2f7043149783ebea0daf69590341f000069b9c0d8e19dde9d13d2d535e1188a487a8d4c3b3980549a1b33ce8cd4ad13f97f3287546c2b861
SSDEEP

6144:aeXobSf8dV949Y4ZI1+LKDshbrOmswAxBfVKA2vSuM8:amf8dV949Y4ZI1+LKDshbrOy6EvSuM8

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4f4c68503398cde9d37ccbcadf095230d9fb49a1d74d5ad77b617c288f95f1a9
- Size
  
  300KB
- MD5
  
  6e0b44c30c0a20a18466fc5d2b10aa10
- SHA1
  
  2102c8adffe3d10e4dd98ece7916cffd2eab149a
- SHA256
  
  4f4c68503398cde9d37ccbcadf095230d9fb49a1d74d5ad77b617c288f95f1a9
- SHA512
  
  0874cdb296aba31a2f7043149783ebea0daf69590341f000069b9c0d8e19dde9d13d2d535e1188a487a8d4c3b3980549a1b33ce8cd4ad13f97f3287546c2b861
- SSDEEP
  
  6144:aeXobSf8dV949Y4ZI1+LKDshbrOmswAxBfVKA2vSuM8:amf8dV949Y4ZI1+LKDshbrOy6EvSuM8
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence