22bd1934052842e96ea5f1b9938f1ec2871059fecd510d6b829a4c612ccdabf5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22bd1934052842e96ea5f1b9938f1ec2871059fecd510d6b829a4c612ccdabf5
Size

320KB
Sample

221012-rdj3bsefdm
MD5

6dd82f18a58f3e3a450c9d5a93f87f90
SHA1

a5b83f4a2dadcbcff62065fbcf9e7b3dc9cf6130
SHA256

22bd1934052842e96ea5f1b9938f1ec2871059fecd510d6b829a4c612ccdabf5
SHA512

8a303fbb888ec33a14211e05a13485bbea4e702289b4cbb649511586478a538294c1f9f09bc7b34b74e199bf650be2692deeef3c10659baef002f7c0c600d36e
SSDEEP

6144:lc+xPxlRGOiHJ66onJGr+qyVztumGS5Ni3hpgoMKMphaeVf2B71L:ljPjRGOi76JGr+qyVztumGS5YqoyU71L

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  22bd1934052842e96ea5f1b9938f1ec2871059fecd510d6b829a4c612ccdabf5
- Size
  
  320KB
- MD5
  
  6dd82f18a58f3e3a450c9d5a93f87f90
- SHA1
  
  a5b83f4a2dadcbcff62065fbcf9e7b3dc9cf6130
- SHA256
  
  22bd1934052842e96ea5f1b9938f1ec2871059fecd510d6b829a4c612ccdabf5
- SHA512
  
  8a303fbb888ec33a14211e05a13485bbea4e702289b4cbb649511586478a538294c1f9f09bc7b34b74e199bf650be2692deeef3c10659baef002f7c0c600d36e
- SSDEEP
  
  6144:lc+xPxlRGOiHJ66onJGr+qyVztumGS5Ni3hpgoMKMphaeVf2B71L:ljPjRGOi76JGr+qyVztumGS5YqoyU71L
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence