c3bc13cab300f6f1f5f4e66abdf6fa1a04bf97310d5f98fa060fdf5c8e5b76d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c3bc13cab300f6f1f5f4e66abdf6fa1a04bf97310d5f98fa060fdf5c8e5b76d4
Size

176KB
Sample

221020-16pmysggen
MD5

76daf69d6b2a19c9565d52a326e9a730
SHA1

7a8e75437957abccb4977578eb61aa056b9715fb
SHA256

c3bc13cab300f6f1f5f4e66abdf6fa1a04bf97310d5f98fa060fdf5c8e5b76d4
SHA512

d931c1fd2cad53245a70884d10c4fcb83ac1293e921350bb91def0227f8ed8f217b27c8dffaed0c58ef51706242326a204d05bc77112dab0e9fbe7f682de09c0
SSDEEP

1536:bs+KLBCVi9NMIYuQASmS0mJJFL/XlvpjJaHxlmJUl60ReWWKI0pj8YQa2odbdt/2:IBqASmSjXy20pjz24TU

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c3bc13cab300f6f1f5f4e66abdf6fa1a04bf97310d5f98fa060fdf5c8e5b76d4
- Size
  
  176KB
- MD5
  
  76daf69d6b2a19c9565d52a326e9a730
- SHA1
  
  7a8e75437957abccb4977578eb61aa056b9715fb
- SHA256
  
  c3bc13cab300f6f1f5f4e66abdf6fa1a04bf97310d5f98fa060fdf5c8e5b76d4
- SHA512
  
  d931c1fd2cad53245a70884d10c4fcb83ac1293e921350bb91def0227f8ed8f217b27c8dffaed0c58ef51706242326a204d05bc77112dab0e9fbe7f682de09c0
- SSDEEP
  
  1536:bs+KLBCVi9NMIYuQASmS0mJJFL/XlvpjJaHxlmJUl60ReWWKI0pj8YQa2odbdt/2:IBqASmSjXy20pjz24TU
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence