399ae129b70e02db67d2ea0f23d841e3446ad5b6796fae78fc30afba5c3fa9b0 | Triage

Sharing

General

Target

399ae129b70e02db67d2ea0f23d841e3446ad5b6796fae78fc30afba5c3fa9b0
Size

316KB
Sample

221020-b9j47shedj
MD5

804b3d6995918f4af1ef931e1fcc5d30
SHA1

93d9ad359c02fb8e6318ed7a1350759748779111
SHA256

399ae129b70e02db67d2ea0f23d841e3446ad5b6796fae78fc30afba5c3fa9b0
SHA512

20ca027b000ecb412cf8ed56fc3586d3517cf9346e6419e72162ba2e9d80599dedda1824ece9e6ac0b29a7a7d2eff176b330441c8479a225cfcc6ee7659bc679
SSDEEP

6144:s/JVYOayCTEtWff9nQMdkxIV0OQotoBOm8ntGUcF6/DsEfNXqkEL+:eJVYOy9YxIToYmtyIx+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  399ae129b70e02db67d2ea0f23d841e3446ad5b6796fae78fc30afba5c3fa9b0
- Size
  
  316KB
- MD5
  
  804b3d6995918f4af1ef931e1fcc5d30
- SHA1
  
  93d9ad359c02fb8e6318ed7a1350759748779111
- SHA256
  
  399ae129b70e02db67d2ea0f23d841e3446ad5b6796fae78fc30afba5c3fa9b0
- SHA512
  
  20ca027b000ecb412cf8ed56fc3586d3517cf9346e6419e72162ba2e9d80599dedda1824ece9e6ac0b29a7a7d2eff176b330441c8479a225cfcc6ee7659bc679
- SSDEEP
  
  6144:s/JVYOayCTEtWff9nQMdkxIV0OQotoBOm8ntGUcF6/DsEfNXqkEL+:eJVYOy9YxIToYmtyIx+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence