cb650784b6128476c7eae465f4b20cf65b2abf5b24a801862dba92a06a008279 | Triage

Sharing

General

Target

cb650784b6128476c7eae465f4b20cf65b2abf5b24a801862dba92a06a008279
Size

144KB
Sample

221019-rdw2wsahg9
MD5

a24134f811f84f5099d2fdf1a67a7620
SHA1

acaa815c888c106554796379b5756d5f61833c65
SHA256

cb650784b6128476c7eae465f4b20cf65b2abf5b24a801862dba92a06a008279
SHA512

93047d056f2735f316ffcc43632491c90cd280b079807fd6c3ac066c6ff1c34c9eefe2441b079acc799fbb29dc73acd8a9c2f52b02f3f1b2f60ce3a1c32e2276
SSDEEP

1536:B6DuxKPWt3obF0gja0G+UAqn2z3HldglfL3wi65IWS9qfmAhjimR:UDMKOtgSDplAVelfTWI6fmAFimR

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cb650784b6128476c7eae465f4b20cf65b2abf5b24a801862dba92a06a008279
- Size
  
  144KB
- MD5
  
  a24134f811f84f5099d2fdf1a67a7620
- SHA1
  
  acaa815c888c106554796379b5756d5f61833c65
- SHA256
  
  cb650784b6128476c7eae465f4b20cf65b2abf5b24a801862dba92a06a008279
- SHA512
  
  93047d056f2735f316ffcc43632491c90cd280b079807fd6c3ac066c6ff1c34c9eefe2441b079acc799fbb29dc73acd8a9c2f52b02f3f1b2f60ce3a1c32e2276
- SSDEEP
  
  1536:B6DuxKPWt3obF0gja0G+UAqn2z3HldglfL3wi65IWS9qfmAhjimR:UDMKOtgSDplAVelfTWI6fmAFimR
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence