458daea3da700786d8c380e9cfb4573e058b204a6e6944e4e4e049c117004b7e | Triage

Sharing

General

Target

458daea3da700786d8c380e9cfb4573e058b204a6e6944e4e4e049c117004b7e
Size

88KB
Sample

221020-b62j3shcb8
MD5

8194c81bd98fa6e654b28185b5f97fe0
SHA1

e44022b362501bb42a22062e773a3ddc934d687b
SHA256

458daea3da700786d8c380e9cfb4573e058b204a6e6944e4e4e049c117004b7e
SHA512

a2058de5be00b354c89cb09d1ab836d4e4758bffbc7d3f1a45809a07613aaf2e5783f3a9fb4ce8ceb3d46d8312e0af1ff75b889b313a55b1b80ae18532e5c7a1
SSDEEP

1536:ZrQw1NHMglFEJ71b/gYmHVwrESBQdGV4kQ:BQGtiJ71bkzGPQ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  458daea3da700786d8c380e9cfb4573e058b204a6e6944e4e4e049c117004b7e
- Size
  
  88KB
- MD5
  
  8194c81bd98fa6e654b28185b5f97fe0
- SHA1
  
  e44022b362501bb42a22062e773a3ddc934d687b
- SHA256
  
  458daea3da700786d8c380e9cfb4573e058b204a6e6944e4e4e049c117004b7e
- SHA512
  
  a2058de5be00b354c89cb09d1ab836d4e4758bffbc7d3f1a45809a07613aaf2e5783f3a9fb4ce8ceb3d46d8312e0af1ff75b889b313a55b1b80ae18532e5c7a1
- SSDEEP
  
  1536:ZrQw1NHMglFEJ71b/gYmHVwrESBQdGV4kQ:BQGtiJ71bkzGPQ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence