f1f2259975102973e2ad61f062bb9015d28df320e8e69675f45c2d986c06177e | Triage

Sharing

General

Target

f1f2259975102973e2ad61f062bb9015d28df320e8e69675f45c2d986c06177e
Size

352KB
Sample

221020-mcrcsshbgn
MD5

a07dc383e5543de75e501d497334a690
SHA1

d4566cf55df7ade85fc2034ca967fda36269a869
SHA256

f1f2259975102973e2ad61f062bb9015d28df320e8e69675f45c2d986c06177e
SHA512

94a24e40b88fc4f501e9ad27bc662008eff88a8fad35153918a39d9594b0e49e745a60efcd5f1f628fcf872d249fe14ffdf570d6f54fadb684280836918edd1d
SSDEEP

3072:00A2afa1Qbn4DpS41Zr8EbjfmNwXl1RgxfGDP8F2dqMOkeuF7SzoBBXI:vay1Qz4Dp7R8cA0l1RpLtJj7Skn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f1f2259975102973e2ad61f062bb9015d28df320e8e69675f45c2d986c06177e
- Size
  
  352KB
- MD5
  
  a07dc383e5543de75e501d497334a690
- SHA1
  
  d4566cf55df7ade85fc2034ca967fda36269a869
- SHA256
  
  f1f2259975102973e2ad61f062bb9015d28df320e8e69675f45c2d986c06177e
- SHA512
  
  94a24e40b88fc4f501e9ad27bc662008eff88a8fad35153918a39d9594b0e49e745a60efcd5f1f628fcf872d249fe14ffdf570d6f54fadb684280836918edd1d
- SSDEEP
  
  3072:00A2afa1Qbn4DpS41Zr8EbjfmNwXl1RgxfGDP8F2dqMOkeuF7SzoBBXI:vay1Qz4Dp7R8cA0l1RpLtJj7Skn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence