5438ba624f1edb7fcaf93ece30692b268395afea59f42d950d21eb8036d8f692 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5438ba624f1edb7fcaf93ece30692b268395afea59f42d950d21eb8036d8f692
Size

156KB
Sample

221020-b3kgdshber
MD5

81689898419788b99b424250d64a3f80
SHA1

eb3a9cf315c731f303358d43c7c14262057a480c
SHA256

5438ba624f1edb7fcaf93ece30692b268395afea59f42d950d21eb8036d8f692
SHA512

3f8ba2f4ed9d42dd7718b11d7826adb9dd4e4fcee7250e96975c8d19d1222f9e531af5b802a788515216b634f2afa21eb88dfe2900fbfed24ab7c64be2df2ac1
SSDEEP

3072:bml0PTYhjIxn+7MxJUbaxI3zQyzLBuT+Hou:jn+7Mxa0yzU

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5438ba624f1edb7fcaf93ece30692b268395afea59f42d950d21eb8036d8f692
- Size
  
  156KB
- MD5
  
  81689898419788b99b424250d64a3f80
- SHA1
  
  eb3a9cf315c731f303358d43c7c14262057a480c
- SHA256
  
  5438ba624f1edb7fcaf93ece30692b268395afea59f42d950d21eb8036d8f692
- SHA512
  
  3f8ba2f4ed9d42dd7718b11d7826adb9dd4e4fcee7250e96975c8d19d1222f9e531af5b802a788515216b634f2afa21eb88dfe2900fbfed24ab7c64be2df2ac1
- SSDEEP
  
  3072:bml0PTYhjIxn+7MxJUbaxI3zQyzLBuT+Hou:jn+7Mxa0yzU
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence