fc0a37bab166b6b99826f9e1087e43e09b79d86c2f1e942e07569bd3d864201d | Triage

Sharing

General

Target

fc0a37bab166b6b99826f9e1087e43e09b79d86c2f1e942e07569bd3d864201d
Size

80KB
Sample

221020-r4axcaacd3
MD5

a028eccae6fec327ee50abc02cc74e80
SHA1

b183d09b18a39c2fe4a2d047a63737f0f0c2f471
SHA256

fc0a37bab166b6b99826f9e1087e43e09b79d86c2f1e942e07569bd3d864201d
SHA512

eddbfa9023309526bec8030be5235d02fce450ccc29d4f1e31a7c509952341d526430e351b7665cf4f7034093315116ac53698c049c5f401a32616b84ba8fbec
SSDEEP

1536:7q7wLsgwvKGlTGQxguIxZTAxocTzFJ0T72VpsG:OoTwvrKxZiBTzFJ0T72AG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fc0a37bab166b6b99826f9e1087e43e09b79d86c2f1e942e07569bd3d864201d
- Size
  
  80KB
- MD5
  
  a028eccae6fec327ee50abc02cc74e80
- SHA1
  
  b183d09b18a39c2fe4a2d047a63737f0f0c2f471
- SHA256
  
  fc0a37bab166b6b99826f9e1087e43e09b79d86c2f1e942e07569bd3d864201d
- SHA512
  
  eddbfa9023309526bec8030be5235d02fce450ccc29d4f1e31a7c509952341d526430e351b7665cf4f7034093315116ac53698c049c5f401a32616b84ba8fbec
- SSDEEP
  
  1536:7q7wLsgwvKGlTGQxguIxZTAxocTzFJ0T72VpsG:OoTwvrKxZiBTzFJ0T72AG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence