a7c117e2aa7ac0549698c8b35b5669290fbc4849db5e88f59a41b6b4414a458d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7c117e2aa7ac0549698c8b35b5669290fbc4849db5e88f59a41b6b4414a458d
Size

204KB
Sample

221020-bzzf5sghd9
MD5

80dee7e0f3cbf9b894caf2eb76e674b0
SHA1

f47bd96bff96f8b928991a986c3acc98b043ccf5
SHA256

a7c117e2aa7ac0549698c8b35b5669290fbc4849db5e88f59a41b6b4414a458d
SHA512

6f1c08be530c22682e3dc1ded2dec3cbb6de6eedc7c6998a2452001f98f180430e8310b443052e5b5b99eb9566afff82cd28998db970052be4d5b8a03e7d9409
SSDEEP

3072:lmFW8n0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWV1Q:cUQ4QxL7B9W0c1RCzR/fSmluu

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a7c117e2aa7ac0549698c8b35b5669290fbc4849db5e88f59a41b6b4414a458d
- Size
  
  204KB
- MD5
  
  80dee7e0f3cbf9b894caf2eb76e674b0
- SHA1
  
  f47bd96bff96f8b928991a986c3acc98b043ccf5
- SHA256
  
  a7c117e2aa7ac0549698c8b35b5669290fbc4849db5e88f59a41b6b4414a458d
- SHA512
  
  6f1c08be530c22682e3dc1ded2dec3cbb6de6eedc7c6998a2452001f98f180430e8310b443052e5b5b99eb9566afff82cd28998db970052be4d5b8a03e7d9409
- SSDEEP
  
  3072:lmFW8n0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWV1Q:cUQ4QxL7B9W0c1RCzR/fSmluu
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence