0290b7be695f3bc89617620dabcbb820cb76e9b40b841dbb348c43ded28d47e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0290b7be695f3bc89617620dabcbb820cb76e9b40b841dbb348c43ded28d47e1
Size

236KB
Sample

221020-mdjz4shdh8
MD5

96ff6214d9b5f0b66fb1da1036b98570
SHA1

9c978d5f4516d06be20b0615c52796934590db3c
SHA256

0290b7be695f3bc89617620dabcbb820cb76e9b40b841dbb348c43ded28d47e1
SHA512

d0ba217cdceb1b8870de6f0ea8e193eeafd73c463df6f284f337895cb06155889afb1dffdfc8571e083db35886fc72be6a79cdd31d3b983b56bc32e7667ffb81
SSDEEP

6144:+DaKCiUNxlBDe2WmHioZW+ZigxpEJAYyXSWIc9sKB+:QkLlBDeLmHioZWEigxpYAYlbc9TB+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0290b7be695f3bc89617620dabcbb820cb76e9b40b841dbb348c43ded28d47e1
- Size
  
  236KB
- MD5
  
  96ff6214d9b5f0b66fb1da1036b98570
- SHA1
  
  9c978d5f4516d06be20b0615c52796934590db3c
- SHA256
  
  0290b7be695f3bc89617620dabcbb820cb76e9b40b841dbb348c43ded28d47e1
- SHA512
  
  d0ba217cdceb1b8870de6f0ea8e193eeafd73c463df6f284f337895cb06155889afb1dffdfc8571e083db35886fc72be6a79cdd31d3b983b56bc32e7667ffb81
- SSDEEP
  
  6144:+DaKCiUNxlBDe2WmHioZW+ZigxpEJAYyXSWIc9sKB+:QkLlBDeLmHioZWEigxpYAYlbc9TB+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence