adf98800ba71a1a6bdc5b51889fb4fc866271d9e4a327a5c94bb34ea01c37673 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adf98800ba71a1a6bdc5b51889fb4fc866271d9e4a327a5c94bb34ea01c37673
Size

272KB
Sample

221020-17pz4sghak
MD5

583f1b9dde7d03853126f56f6d0c1be0
SHA1

07fc7ecce8dd6d85771f126f8936b9655b50d290
SHA256

adf98800ba71a1a6bdc5b51889fb4fc866271d9e4a327a5c94bb34ea01c37673
SHA512

e31bbaba33baa169d2070bb2af9346d1222c6619ea975d5ef30e611f6d3b2be11b0d6d6df52d0cd7cfa8397718e8f375ccd8a256ce8523cf0ad756bb15cc89c4
SSDEEP

3072:F4M9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3k/H:KJvbfznH7O9G/PLLxU3YwgT4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  adf98800ba71a1a6bdc5b51889fb4fc866271d9e4a327a5c94bb34ea01c37673
- Size
  
  272KB
- MD5
  
  583f1b9dde7d03853126f56f6d0c1be0
- SHA1
  
  07fc7ecce8dd6d85771f126f8936b9655b50d290
- SHA256
  
  adf98800ba71a1a6bdc5b51889fb4fc866271d9e4a327a5c94bb34ea01c37673
- SHA512
  
  e31bbaba33baa169d2070bb2af9346d1222c6619ea975d5ef30e611f6d3b2be11b0d6d6df52d0cd7cfa8397718e8f375ccd8a256ce8523cf0ad756bb15cc89c4
- SSDEEP
  
  3072:F4M9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3k/H:KJvbfznH7O9G/PLLxU3YwgT4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence