0d5f3e1a7b6d9f2f4c468b1fb509093f7b0d89a91ab679e08d4e91cc0ee25fbb | Triage

Sharing

General

Target

0d5f3e1a7b6d9f2f4c468b1fb509093f7b0d89a91ab679e08d4e91cc0ee25fbb
Size

244KB
Sample

221020-2hch6aheg5
MD5

69297373833a72e5a0b255292aba74f2
SHA1

3686d43dbc500f7e9498e3de24b232a42e38bcf5
SHA256

0d5f3e1a7b6d9f2f4c468b1fb509093f7b0d89a91ab679e08d4e91cc0ee25fbb
SHA512

aa1e06b88a67703fd9e4841860cbf32187bbcd09e6dda4d546f11d000567e16be555b9c4b3b85ec878f81c82122d248a73d6934efedd844fd3aec6d7d6fbebe2
SSDEEP

3072:bhPBdF9sROnFQWI5yIuSP9lqVinU3bp/PTm2moJ6BwA+GABMndgIq66:bhJdFjI7PnqVinU3bw2moJ6WAdgn7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0d5f3e1a7b6d9f2f4c468b1fb509093f7b0d89a91ab679e08d4e91cc0ee25fbb
- Size
  
  244KB
- MD5
  
  69297373833a72e5a0b255292aba74f2
- SHA1
  
  3686d43dbc500f7e9498e3de24b232a42e38bcf5
- SHA256
  
  0d5f3e1a7b6d9f2f4c468b1fb509093f7b0d89a91ab679e08d4e91cc0ee25fbb
- SHA512
  
  aa1e06b88a67703fd9e4841860cbf32187bbcd09e6dda4d546f11d000567e16be555b9c4b3b85ec878f81c82122d248a73d6934efedd844fd3aec6d7d6fbebe2
- SSDEEP
  
  3072:bhPBdF9sROnFQWI5yIuSP9lqVinU3bp/PTm2moJ6BwA+GABMndgIq66:bhJdFjI7PnqVinU3bw2moJ6WAdgn7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence