acdfb58f1cb9493ec9300d41d3f1b2b6b6c4b48420b11ea699a808efed06ac27 | Triage

Sharing

General

Target

acdfb58f1cb9493ec9300d41d3f1b2b6b6c4b48420b11ea699a808efed06ac27
Size

256KB
Sample

221020-e5p2faeaf6
MD5

5ceab854db239d025d315422f9bc9cc0
SHA1

7548ea4b20269c32051a54c20f6317308112e54b
SHA256

acdfb58f1cb9493ec9300d41d3f1b2b6b6c4b48420b11ea699a808efed06ac27
SHA512

e588d7abcc4c77091a4583f8f0aac6c08ae55e277da2c2aa87c703bc8df664056d60799d9bf22b790eda0d517e5975c3bc76de84dc2594e56d276459d9d081f7
SSDEEP

3072:f0bfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCxOQ39cOaRr5ZGPVB:fWepp3PJXCOGY3eAOQ39cC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  acdfb58f1cb9493ec9300d41d3f1b2b6b6c4b48420b11ea699a808efed06ac27
- Size
  
  256KB
- MD5
  
  5ceab854db239d025d315422f9bc9cc0
- SHA1
  
  7548ea4b20269c32051a54c20f6317308112e54b
- SHA256
  
  acdfb58f1cb9493ec9300d41d3f1b2b6b6c4b48420b11ea699a808efed06ac27
- SHA512
  
  e588d7abcc4c77091a4583f8f0aac6c08ae55e277da2c2aa87c703bc8df664056d60799d9bf22b790eda0d517e5975c3bc76de84dc2594e56d276459d9d081f7
- SSDEEP
  
  3072:f0bfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCxOQ39cOaRr5ZGPVB:fWepp3PJXCOGY3eAOQ39cC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence