9c2d5c2672b61677df2d6b7c0ec3fc3d5f2162af8bbc9c262b59da58880298ba | Triage

Sharing

General

Target

9c2d5c2672b61677df2d6b7c0ec3fc3d5f2162af8bbc9c262b59da58880298ba
Size

212KB
Sample

221020-d799qacfgm
MD5

9f66209a1a9439fed8ee60b302a9fa21
SHA1

362f3f3c8e7918f6f8d8fabe8d8bcb20aebe77d0
SHA256

9c2d5c2672b61677df2d6b7c0ec3fc3d5f2162af8bbc9c262b59da58880298ba
SHA512

872ae2e96f7a39797f3e9aae8004b0de6c9946c66bb8e413ea6ebd1aae1fa24d67742d6a3393093b8ea13324f0706d2d0eaed2115fec847662f430c52e72f184
SSDEEP

3072:nCUTo/0Yxoc0tQ9nLHbB9WPliBs2HWWEakGJm9YD1:nC5T4QxL7B9WPli+yWWEaz/J

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9c2d5c2672b61677df2d6b7c0ec3fc3d5f2162af8bbc9c262b59da58880298ba
- Size
  
  212KB
- MD5
  
  9f66209a1a9439fed8ee60b302a9fa21
- SHA1
  
  362f3f3c8e7918f6f8d8fabe8d8bcb20aebe77d0
- SHA256
  
  9c2d5c2672b61677df2d6b7c0ec3fc3d5f2162af8bbc9c262b59da58880298ba
- SHA512
  
  872ae2e96f7a39797f3e9aae8004b0de6c9946c66bb8e413ea6ebd1aae1fa24d67742d6a3393093b8ea13324f0706d2d0eaed2115fec847662f430c52e72f184
- SSDEEP
  
  3072:nCUTo/0Yxoc0tQ9nLHbB9WPliBs2HWWEakGJm9YD1:nC5T4QxL7B9WPli+yWWEaz/J
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence