f93c68970d08981ed0bde3893da64482a88bce8d1587c085c0ed806e2a9d2470 | Triage

Sharing

General

Target

f93c68970d08981ed0bde3893da64482a88bce8d1587c085c0ed806e2a9d2470
Size

140KB
Sample

221020-mafhhshcd9
MD5

8105ddb3424410d0976541ce8ccc1180
SHA1

9f8218beda4df48045eee3dde10eeba91ee98b8f
SHA256

f93c68970d08981ed0bde3893da64482a88bce8d1587c085c0ed806e2a9d2470
SHA512

85326db45adc72e144fa8b3a678bbdc9386fd3cabfd8973963652c5718a0c92f982bd8fb002b41f91bf519cc917e0eb2f2bf65de23289d74abcbb921e739a092
SSDEEP

3072:uu57vfo1bhEHcml4TlcKZukAIX09ZfUsHOQBRSc:uGvfkVE8ml4GK8iUfvR

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f93c68970d08981ed0bde3893da64482a88bce8d1587c085c0ed806e2a9d2470
- Size
  
  140KB
- MD5
  
  8105ddb3424410d0976541ce8ccc1180
- SHA1
  
  9f8218beda4df48045eee3dde10eeba91ee98b8f
- SHA256
  
  f93c68970d08981ed0bde3893da64482a88bce8d1587c085c0ed806e2a9d2470
- SHA512
  
  85326db45adc72e144fa8b3a678bbdc9386fd3cabfd8973963652c5718a0c92f982bd8fb002b41f91bf519cc917e0eb2f2bf65de23289d74abcbb921e739a092
- SSDEEP
  
  3072:uu57vfo1bhEHcml4TlcKZukAIX09ZfUsHOQBRSc:uGvfkVE8ml4GK8iUfvR
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence