5b3030a61534330ecefb6b38f246d829af7223faac6e59b19421951a3b38f0b8 | Triage

Sharing

General

Target

5b3030a61534330ecefb6b38f246d829af7223faac6e59b19421951a3b38f0b8
Size

184KB
Sample

221020-sph5vabdb9
MD5

a05c276308be85cf83c9203e1f913700
SHA1

d877f37b3b626679c652cef69c5e89efbef303c6
SHA256

5b3030a61534330ecefb6b38f246d829af7223faac6e59b19421951a3b38f0b8
SHA512

5daab2daf74393ded5a9a4bd6d356c45b97f63eeca7b85f8c08c23b275a36cfed66a1ab3b78f6af0307f7f3fb7b1042f1d8c58b74d2010d3d70c34d04dc17cb9
SSDEEP

3072:6DGXZ4xu7o897rl2Y4HpRSQ8nsl8Koay6VUSB:PGulF8HpRpAKoahVUs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5b3030a61534330ecefb6b38f246d829af7223faac6e59b19421951a3b38f0b8
- Size
  
  184KB
- MD5
  
  a05c276308be85cf83c9203e1f913700
- SHA1
  
  d877f37b3b626679c652cef69c5e89efbef303c6
- SHA256
  
  5b3030a61534330ecefb6b38f246d829af7223faac6e59b19421951a3b38f0b8
- SHA512
  
  5daab2daf74393ded5a9a4bd6d356c45b97f63eeca7b85f8c08c23b275a36cfed66a1ab3b78f6af0307f7f3fb7b1042f1d8c58b74d2010d3d70c34d04dc17cb9
- SSDEEP
  
  3072:6DGXZ4xu7o897rl2Y4HpRSQ8nsl8Koay6VUSB:PGulF8HpRpAKoahVUs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence