f2b89226d7846f2cdc862c9bbaa67d4d49c315af8769e264b1a05b47ab6a787b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2b89226d7846f2cdc862c9bbaa67d4d49c315af8769e264b1a05b47ab6a787b
Size

112KB
Sample

221019-z491fahah7
MD5

830626c9c1f3b3ad204358cd87683d57
SHA1

5ba0fe129c90334f1c6ae1a9a1b7a35efcde4f0d
SHA256

f2b89226d7846f2cdc862c9bbaa67d4d49c315af8769e264b1a05b47ab6a787b
SHA512

bf52bb76ac697890545932bf90b9b968a0d10b72e96fff0af2ab482c903b9d7734a70bbf1f0e820646ec1e249f0152a56055616990414a9c9e5824203e7ea72a
SSDEEP

1536:B6Wgk+ApDpP4y9Jo3r5dvr24LW1s7Gvy7WO/xE50pYB/0taaSD3XEpLEJ7o:frpAiO3Tr291syvy7WO/xaB/6p3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f2b89226d7846f2cdc862c9bbaa67d4d49c315af8769e264b1a05b47ab6a787b
- Size
  
  112KB
- MD5
  
  830626c9c1f3b3ad204358cd87683d57
- SHA1
  
  5ba0fe129c90334f1c6ae1a9a1b7a35efcde4f0d
- SHA256
  
  f2b89226d7846f2cdc862c9bbaa67d4d49c315af8769e264b1a05b47ab6a787b
- SHA512
  
  bf52bb76ac697890545932bf90b9b968a0d10b72e96fff0af2ab482c903b9d7734a70bbf1f0e820646ec1e249f0152a56055616990414a9c9e5824203e7ea72a
- SSDEEP
  
  1536:B6Wgk+ApDpP4y9Jo3r5dvr24LW1s7Gvy7WO/xE50pYB/0taaSD3XEpLEJ7o:frpAiO3Tr291syvy7WO/xaB/6p3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence