f46222fde3bd0edebb2707a7c8c973821ef51ef3ac1dca956244f987286b4b4d | Triage

Sharing

General

Target

f46222fde3bd0edebb2707a7c8c973821ef51ef3ac1dca956244f987286b4b4d
Size

168KB
Sample

221020-b9nsdshedn
MD5

81838e84366037777af349bf43e84894
SHA1

cb21aee95cbd3da07e7c3e87e6846328fd5c36ed
SHA256

f46222fde3bd0edebb2707a7c8c973821ef51ef3ac1dca956244f987286b4b4d
SHA512

842342952b03f24e328735c89e1438e56543cec1b90afd9fb4fae0c9e7ed244a9297d81381c68a0ac77389cba56ebc150d6a8580e95a9637cc843372042fd868
SSDEEP

3072:ShGs8fEY7SIsyvTlo/11hJl2czGRqxZdxxW95M6:ShGDfEYiQlS1NJG6/xG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f46222fde3bd0edebb2707a7c8c973821ef51ef3ac1dca956244f987286b4b4d
- Size
  
  168KB
- MD5
  
  81838e84366037777af349bf43e84894
- SHA1
  
  cb21aee95cbd3da07e7c3e87e6846328fd5c36ed
- SHA256
  
  f46222fde3bd0edebb2707a7c8c973821ef51ef3ac1dca956244f987286b4b4d
- SHA512
  
  842342952b03f24e328735c89e1438e56543cec1b90afd9fb4fae0c9e7ed244a9297d81381c68a0ac77389cba56ebc150d6a8580e95a9637cc843372042fd868
- SSDEEP
  
  3072:ShGs8fEY7SIsyvTlo/11hJl2czGRqxZdxxW95M6:ShGDfEYiQlS1NJG6/xG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence