0bdbe5a6beefc1a57b6ad628fa74ebbf4e7172f32c2c974260089009a7bee11e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bdbe5a6beefc1a57b6ad628fa74ebbf4e7172f32c2c974260089009a7bee11e
Size

180KB
Sample

221017-k44q4abce4
MD5

a30504153e7e99722e57e82493c49845
SHA1

a5387e8d928b7e7415b0ae5be3bf9a30995c2a2b
SHA256

0bdbe5a6beefc1a57b6ad628fa74ebbf4e7172f32c2c974260089009a7bee11e
SHA512

b34b4f705c4059021ac3796b5502f89b387bf690dcfb6e4219325061aa837ad63e72e677a173c17c3ebc78dd114c694d5b58613b998d2239709adb6d844d5686
SSDEEP

3072:Jy+dVAXY71idPAaRELGzMshNXTDFE+7jF6XTjO1:Jy+zAY+ocqFshNTDT756XTI

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0bdbe5a6beefc1a57b6ad628fa74ebbf4e7172f32c2c974260089009a7bee11e
- Size
  
  180KB
- MD5
  
  a30504153e7e99722e57e82493c49845
- SHA1
  
  a5387e8d928b7e7415b0ae5be3bf9a30995c2a2b
- SHA256
  
  0bdbe5a6beefc1a57b6ad628fa74ebbf4e7172f32c2c974260089009a7bee11e
- SHA512
  
  b34b4f705c4059021ac3796b5502f89b387bf690dcfb6e4219325061aa837ad63e72e677a173c17c3ebc78dd114c694d5b58613b998d2239709adb6d844d5686
- SSDEEP
  
  3072:Jy+dVAXY71idPAaRELGzMshNXTDFE+7jF6XTjO1:Jy+zAY+ocqFshNTDT756XTI
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence