0a80a7558bd730ca69322261be9508ecb32122d5661d85765298c5b5dd60bfa5 | Triage

Sharing

General

Target

0a80a7558bd730ca69322261be9508ecb32122d5661d85765298c5b5dd60bfa5
Size

200KB
Sample

221011-zmv5ysdhg7
MD5

6ddbadd4babbf063c08649f6152e4bc0
SHA1

70178f950810b161d82edbfa24b557b8ea5f8ad9
SHA256

0a80a7558bd730ca69322261be9508ecb32122d5661d85765298c5b5dd60bfa5
SHA512

8fae19e9e3c79ae97577306526df0b7d3234ead4f4ad9c3c9a4cca897e518a35f145237879b16f800441066818301c3dbc83d91957d19ceb6e3e6e32ad692496
SSDEEP

6144:vmHL99ZpWymPBeaSAOJ+7xi5eRed63qaCR8nIBKu:OB9rLmPBeaSAOJ+7xi5eRed63qaCP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0a80a7558bd730ca69322261be9508ecb32122d5661d85765298c5b5dd60bfa5
- Size
  
  200KB
- MD5
  
  6ddbadd4babbf063c08649f6152e4bc0
- SHA1
  
  70178f950810b161d82edbfa24b557b8ea5f8ad9
- SHA256
  
  0a80a7558bd730ca69322261be9508ecb32122d5661d85765298c5b5dd60bfa5
- SHA512
  
  8fae19e9e3c79ae97577306526df0b7d3234ead4f4ad9c3c9a4cca897e518a35f145237879b16f800441066818301c3dbc83d91957d19ceb6e3e6e32ad692496
- SSDEEP
  
  6144:vmHL99ZpWymPBeaSAOJ+7xi5eRed63qaCR8nIBKu:OB9rLmPBeaSAOJ+7xi5eRed63qaCP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence