d88c9fdff3af3895431fe8b671e706525e78fdff58e7d3c5b7b9af126a6db0a3 | Triage

Sharing

General

Target

d88c9fdff3af3895431fe8b671e706525e78fdff58e7d3c5b7b9af126a6db0a3
Size

348KB
Sample

221018-d2mapsece3
MD5

2287ea0569ff4c181a0050da1a33595b
SHA1

89eb589364d84823cd0cab91e7251eadec97e8e7
SHA256

d88c9fdff3af3895431fe8b671e706525e78fdff58e7d3c5b7b9af126a6db0a3
SHA512

e0614cde0270bcb2661993e216d6f9c5ce0454b49b170d415e7e167335a0ff9510f121dc97d28b040828b36c50ca95aaf574ea963e5457c8c799d4af5bb89f3f
SSDEEP

3072:ECXTo/0Yxyk0tQ9nLHbB9WPliBs2HWWEakGJm9cFso:ECusk4QxL7B9WPli+yWWEazH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d88c9fdff3af3895431fe8b671e706525e78fdff58e7d3c5b7b9af126a6db0a3
- Size
  
  348KB
- MD5
  
  2287ea0569ff4c181a0050da1a33595b
- SHA1
  
  89eb589364d84823cd0cab91e7251eadec97e8e7
- SHA256
  
  d88c9fdff3af3895431fe8b671e706525e78fdff58e7d3c5b7b9af126a6db0a3
- SHA512
  
  e0614cde0270bcb2661993e216d6f9c5ce0454b49b170d415e7e167335a0ff9510f121dc97d28b040828b36c50ca95aaf574ea963e5457c8c799d4af5bb89f3f
- SSDEEP
  
  3072:ECXTo/0Yxyk0tQ9nLHbB9WPliBs2HWWEakGJm9cFso:ECusk4QxL7B9WPli+yWWEazH
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence