5cfad71a1d45c70b946770523de44a5ea7ab8252c904e3928865ee6a21c1a464 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cfad71a1d45c70b946770523de44a5ea7ab8252c904e3928865ee6a21c1a464
Size

216KB
Sample

221020-l9e6cshbh9
MD5

96fb692b742a907912b3785acaa36ed0
SHA1

346fbb8314b467c7f80047633d957a7568154280
SHA256

5cfad71a1d45c70b946770523de44a5ea7ab8252c904e3928865ee6a21c1a464
SHA512

a4f19d75296603ea81383eecfa87cf425d6ed2c73f576159d881384f8715cb6d9fa81cc864409d4cbc16455cd53b565513036bfac7b2fc1aa36127eca0380e50
SSDEEP

3072:ZKqJY3u3uXu9h4961DO+kgbQHOtEOUXsjn2:wuhWaD3kP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5cfad71a1d45c70b946770523de44a5ea7ab8252c904e3928865ee6a21c1a464
- Size
  
  216KB
- MD5
  
  96fb692b742a907912b3785acaa36ed0
- SHA1
  
  346fbb8314b467c7f80047633d957a7568154280
- SHA256
  
  5cfad71a1d45c70b946770523de44a5ea7ab8252c904e3928865ee6a21c1a464
- SHA512
  
  a4f19d75296603ea81383eecfa87cf425d6ed2c73f576159d881384f8715cb6d9fa81cc864409d4cbc16455cd53b565513036bfac7b2fc1aa36127eca0380e50
- SSDEEP
  
  3072:ZKqJY3u3uXu9h4961DO+kgbQHOtEOUXsjn2:wuhWaD3kP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence