db4358520defd1dab6905049145e53455982b057ad641680d1f48b7a44b640c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db4358520defd1dab6905049145e53455982b057ad641680d1f48b7a44b640c0
Size

180KB
Sample

221020-cctg2shffq
MD5

81549a40cb0317961a2ff0fc8857636e
SHA1

fc9100df4f45704e9dbbfc70d88eaeb2780fdf6e
SHA256

db4358520defd1dab6905049145e53455982b057ad641680d1f48b7a44b640c0
SHA512

dd84e0e498ab976a0d8820fdff6b6a8e5bee16f1fefb57395032623eaab02f7c6e311c8b52d8ea61af69949ae95e3f9b73a1f6f366cfa39abe1b942a5e548163
SSDEEP

3072:6FK1a1MlttMFz8o+F334VSlkfoyHYb/zCHPEhg5JN8x+eDfcAuQPUSZ5ulE:6FR1MltKaJkHHYb/zCHPEhg5JN8x+eD6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  db4358520defd1dab6905049145e53455982b057ad641680d1f48b7a44b640c0
- Size
  
  180KB
- MD5
  
  81549a40cb0317961a2ff0fc8857636e
- SHA1
  
  fc9100df4f45704e9dbbfc70d88eaeb2780fdf6e
- SHA256
  
  db4358520defd1dab6905049145e53455982b057ad641680d1f48b7a44b640c0
- SHA512
  
  dd84e0e498ab976a0d8820fdff6b6a8e5bee16f1fefb57395032623eaab02f7c6e311c8b52d8ea61af69949ae95e3f9b73a1f6f366cfa39abe1b942a5e548163
- SSDEEP
  
  3072:6FK1a1MlttMFz8o+F334VSlkfoyHYb/zCHPEhg5JN8x+eDfcAuQPUSZ5ulE:6FR1MltKaJkHHYb/zCHPEhg5JN8x+eD6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence