0b52c475563d14298951d9c71956483c3c0d3b50b518cb909e40e12a2256e674 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b52c475563d14298951d9c71956483c3c0d3b50b518cb909e40e12a2256e674
Size

262KB
Sample

221020-mb7y6ahbeq
MD5

960a3966e23b29dacc93fb3f8bb51b00
SHA1

f15952a78b3f18b38d8e37d5aebbb89c6da14b0c
SHA256

0b52c475563d14298951d9c71956483c3c0d3b50b518cb909e40e12a2256e674
SHA512

13fe6cea541b85a5863dcd45a29fd7880bf6420fcbec59bd811802b08a533cb329c8c862240415f85ee8ca3b2bba48ce8f676a5e1178f3ffe9953c10b5469638
SSDEEP

6144:5nu/hxvvVpcVmcOClV7cN1kyymJuc4EQ:5nwdiIAZ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0b52c475563d14298951d9c71956483c3c0d3b50b518cb909e40e12a2256e674
- Size
  
  262KB
- MD5
  
  960a3966e23b29dacc93fb3f8bb51b00
- SHA1
  
  f15952a78b3f18b38d8e37d5aebbb89c6da14b0c
- SHA256
  
  0b52c475563d14298951d9c71956483c3c0d3b50b518cb909e40e12a2256e674
- SHA512
  
  13fe6cea541b85a5863dcd45a29fd7880bf6420fcbec59bd811802b08a533cb329c8c862240415f85ee8ca3b2bba48ce8f676a5e1178f3ffe9953c10b5469638
- SSDEEP
  
  6144:5nu/hxvvVpcVmcOClV7cN1kyymJuc4EQ:5nwdiIAZ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence