95ce6a04e26d4adf72b63c0c84ab04f27d34175d923d8450d590940374b5d13b | Triage

Sharing

General

Target

95ce6a04e26d4adf72b63c0c84ab04f27d34175d923d8450d590940374b5d13b
Size

228KB
Sample

221020-car67shegq
MD5

70491582e2f585f49e445c92b6e5ce20
SHA1

f5ab02ab8c465324fe43f221de3177b1cf91a6cb
SHA256

95ce6a04e26d4adf72b63c0c84ab04f27d34175d923d8450d590940374b5d13b
SHA512

d73c89340f05dd2385bd82e88ba19ecb19c1a2c997139b0a39919c11a582a5d6c4ece501985b11f81378375f5abb9adc97fbc8ac4b47a75a38fe57c228b4fb89
SSDEEP

6144:1LoOYQfQolHQDinWTZqAukQJ3aCynEMOgL8y6Ero:t0nDinWTYAukQJ3pynEMOgL8y6R

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  95ce6a04e26d4adf72b63c0c84ab04f27d34175d923d8450d590940374b5d13b
- Size
  
  228KB
- MD5
  
  70491582e2f585f49e445c92b6e5ce20
- SHA1
  
  f5ab02ab8c465324fe43f221de3177b1cf91a6cb
- SHA256
  
  95ce6a04e26d4adf72b63c0c84ab04f27d34175d923d8450d590940374b5d13b
- SHA512
  
  d73c89340f05dd2385bd82e88ba19ecb19c1a2c997139b0a39919c11a582a5d6c4ece501985b11f81378375f5abb9adc97fbc8ac4b47a75a38fe57c228b4fb89
- SSDEEP
  
  6144:1LoOYQfQolHQDinWTZqAukQJ3aCynEMOgL8y6Ero:t0nDinWTYAukQJ3pynEMOgL8y6R
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence