fac5ed55ce27d053e09a551e152d980e5b0127ac9ca5f1c815bad564738426df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fac5ed55ce27d053e09a551e152d980e5b0127ac9ca5f1c815bad564738426df
Size

264KB
Sample

221020-bwl2msgfg8
MD5

5cf2e8e27cf1bf0b2bdf2abfa35166c0
SHA1

92edb7b342b30e1b1416e0590eb336a9037e8ea1
SHA256

fac5ed55ce27d053e09a551e152d980e5b0127ac9ca5f1c815bad564738426df
SHA512

81315bb0552fee1227798486a9f60cc287fe56a0db43d4d69cf3c2cdcf00410219f6f65f15034120241ea9ddf07b437efaa591778ba5b742fc098a34e945f854
SSDEEP

6144:tkqPrAEkRlxGdfQ6VuHhB3E+ySPchiJzuXc0P:tkMrkRlEdYFt0P

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fac5ed55ce27d053e09a551e152d980e5b0127ac9ca5f1c815bad564738426df
- Size
  
  264KB
- MD5
  
  5cf2e8e27cf1bf0b2bdf2abfa35166c0
- SHA1
  
  92edb7b342b30e1b1416e0590eb336a9037e8ea1
- SHA256
  
  fac5ed55ce27d053e09a551e152d980e5b0127ac9ca5f1c815bad564738426df
- SHA512
  
  81315bb0552fee1227798486a9f60cc287fe56a0db43d4d69cf3c2cdcf00410219f6f65f15034120241ea9ddf07b437efaa591778ba5b742fc098a34e945f854
- SSDEEP
  
  6144:tkqPrAEkRlxGdfQ6VuHhB3E+ySPchiJzuXc0P:tkMrkRlEdYFt0P
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2