4deab1eabb3851d621fb7351fd8a4a5bf70384dd97d1ac212e0f13cfe0b3fcd9 | Triage

Sharing

General

Target

4deab1eabb3851d621fb7351fd8a4a5bf70384dd97d1ac212e0f13cfe0b3fcd9
Size

212KB
Sample

221018-zf4hradfd2
MD5

fcd35eb3ed01d78aadf39817fb13177f
SHA1

4c37bbe75be146f8742027793313fb1179c2fe35
SHA256

4deab1eabb3851d621fb7351fd8a4a5bf70384dd97d1ac212e0f13cfe0b3fcd9
SHA512

3aed0eb1cd493c892bf4f83738ec4a66882bfe26705c682e243c7ec44274dca6b3e6e58bafc2004510725db22f892c15dc51d6c76f73c119eff24dc7dc26e0a4
SSDEEP

1536:NqnVVLz2cGChoLAx4cd9Lv2PElgWEwNoN274B/K51ptaHElfTczp6Far2/AgAIS9:6Ly8UUp+QNoN2N04A1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4deab1eabb3851d621fb7351fd8a4a5bf70384dd97d1ac212e0f13cfe0b3fcd9
- Size
  
  212KB
- MD5
  
  fcd35eb3ed01d78aadf39817fb13177f
- SHA1
  
  4c37bbe75be146f8742027793313fb1179c2fe35
- SHA256
  
  4deab1eabb3851d621fb7351fd8a4a5bf70384dd97d1ac212e0f13cfe0b3fcd9
- SHA512
  
  3aed0eb1cd493c892bf4f83738ec4a66882bfe26705c682e243c7ec44274dca6b3e6e58bafc2004510725db22f892c15dc51d6c76f73c119eff24dc7dc26e0a4
- SSDEEP
  
  1536:NqnVVLz2cGChoLAx4cd9Lv2PElgWEwNoN274B/K51ptaHElfTczp6Far2/AgAIS9:6Ly8UUp+QNoN2N04A1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence