4c06e23b654a262f84fa6a6b86a45661fd8796488615c595fd3cf8f02e2bdd30 | Triage

Sharing

General

Target

4c06e23b654a262f84fa6a6b86a45661fd8796488615c595fd3cf8f02e2bdd30
Size

132KB
Sample

221020-2ywxqsadc9
MD5

11eb4fe9a802a2558fe30d5605efa14c
SHA1

f4b81f5a5345abe942cae97a83178be3d84cb21b
SHA256

4c06e23b654a262f84fa6a6b86a45661fd8796488615c595fd3cf8f02e2bdd30
SHA512

c28ec3b65e30ea8e5ec9986dce5b0d64262993299a400eaef2ce909192dbb2100d059d5cc28bfd1b09d1e71a4866ad63a86cca2c3c1f694b262c9e48f56431d7
SSDEEP

3072:Sl1Gz1nCoHwmFKULQIyZeIJ5jjL1ps/efrKqHo:Sl1S7PkQ3seajPvsc2C

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4c06e23b654a262f84fa6a6b86a45661fd8796488615c595fd3cf8f02e2bdd30
- Size
  
  132KB
- MD5
  
  11eb4fe9a802a2558fe30d5605efa14c
- SHA1
  
  f4b81f5a5345abe942cae97a83178be3d84cb21b
- SHA256
  
  4c06e23b654a262f84fa6a6b86a45661fd8796488615c595fd3cf8f02e2bdd30
- SHA512
  
  c28ec3b65e30ea8e5ec9986dce5b0d64262993299a400eaef2ce909192dbb2100d059d5cc28bfd1b09d1e71a4866ad63a86cca2c3c1f694b262c9e48f56431d7
- SSDEEP
  
  3072:Sl1Gz1nCoHwmFKULQIyZeIJ5jjL1ps/efrKqHo:Sl1S7PkQ3seajPvsc2C
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence