53de5955be67659d2d911e9d6c42ccf9ff7e003d1792a9d2a924e5210df0ae2c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53de5955be67659d2d911e9d6c42ccf9ff7e003d1792a9d2a924e5210df0ae2c
Size

272KB
Sample

221020-b3k3xshaf4
MD5

726790f694174df5f4b5f88ec3b3e580
SHA1

e0460f35d93df6fb2adc05df76ddc8be223150b4
SHA256

53de5955be67659d2d911e9d6c42ccf9ff7e003d1792a9d2a924e5210df0ae2c
SHA512

22b9e15342a33c84104b84701e29391e934e888bb02009204c24a3224d55c60a2654754f438844c90471ea437cd6d3a0996cb43fc83dd66b14f799c98e4e5746
SSDEEP

3072:I4V9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3QX:BUvbfznH7O9G/PLLxU3YwgT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  53de5955be67659d2d911e9d6c42ccf9ff7e003d1792a9d2a924e5210df0ae2c
- Size
  
  272KB
- MD5
  
  726790f694174df5f4b5f88ec3b3e580
- SHA1
  
  e0460f35d93df6fb2adc05df76ddc8be223150b4
- SHA256
  
  53de5955be67659d2d911e9d6c42ccf9ff7e003d1792a9d2a924e5210df0ae2c
- SHA512
  
  22b9e15342a33c84104b84701e29391e934e888bb02009204c24a3224d55c60a2654754f438844c90471ea437cd6d3a0996cb43fc83dd66b14f799c98e4e5746
- SSDEEP
  
  3072:I4V9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3QX:BUvbfznH7O9G/PLLxU3YwgT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence