df38c880b1b23b9159ad155a964603c627c779e3574805c216eaad1d9223089c | Triage

Sharing

General

Target

df38c880b1b23b9159ad155a964603c627c779e3574805c216eaad1d9223089c
Size

232KB
Sample

221020-ma5gmshcg8
MD5

96a38593ebeaa8626ec158c8080b9019
SHA1

7ba1cb02ae2051f2831c6b188bcb0928e84869a5
SHA256

df38c880b1b23b9159ad155a964603c627c779e3574805c216eaad1d9223089c
SHA512

2d24d659a23d7f733c797100016d47850028a7fe5b1e562f800a6237725fd8bd981c76eb494f99a375c6776e52fe4bdbb57bae4ca0691d4ad45201dc9a1a213a
SSDEEP

3072:GtAKE9tF8lsa+QWYCs5fDF4LJSImbV8UvR77D9G5UEDVR/bwutUqQJ8tIq:G0tnQzbF4NN28UJ77hGGED/bbJtF

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  df38c880b1b23b9159ad155a964603c627c779e3574805c216eaad1d9223089c
- Size
  
  232KB
- MD5
  
  96a38593ebeaa8626ec158c8080b9019
- SHA1
  
  7ba1cb02ae2051f2831c6b188bcb0928e84869a5
- SHA256
  
  df38c880b1b23b9159ad155a964603c627c779e3574805c216eaad1d9223089c
- SHA512
  
  2d24d659a23d7f733c797100016d47850028a7fe5b1e562f800a6237725fd8bd981c76eb494f99a375c6776e52fe4bdbb57bae4ca0691d4ad45201dc9a1a213a
- SSDEEP
  
  3072:GtAKE9tF8lsa+QWYCs5fDF4LJSImbV8UvR77D9G5UEDVR/bwutUqQJ8tIq:G0tnQzbF4NN28UJ77hGGED/bbJtF
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence