80f04e81f974308f7d148a73e3cd69d1fab17969272fef7d911b9cde82063ebd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

80f04e81f974308f7d148a73e3cd69d1fab17969272fef7d911b9cde82063ebd
Size

244KB
Sample

221021-c73zzahacn
MD5

609b1c9111c41bbf9d9d6b5062b7f49a
SHA1

b5e4c257f7102d0d75108952b2be73152bc47d10
SHA256

80f04e81f974308f7d148a73e3cd69d1fab17969272fef7d911b9cde82063ebd
SHA512

ffe8fa9207139ec0fa9dd77d7147cecb1b20a0eb2fbe2f92d7cc3692d4ae3447dbaac5bc087df4ad8db69b0fbe0db8d05797290172e3747a38b11c203d56975a
SSDEEP

6144:B+w8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFGi:BV8DFe0qip4rZNOm3FAG7H59R7g0fY4f

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  80f04e81f974308f7d148a73e3cd69d1fab17969272fef7d911b9cde82063ebd
- Size
  
  244KB
- MD5
  
  609b1c9111c41bbf9d9d6b5062b7f49a
- SHA1
  
  b5e4c257f7102d0d75108952b2be73152bc47d10
- SHA256
  
  80f04e81f974308f7d148a73e3cd69d1fab17969272fef7d911b9cde82063ebd
- SHA512
  
  ffe8fa9207139ec0fa9dd77d7147cecb1b20a0eb2fbe2f92d7cc3692d4ae3447dbaac5bc087df4ad8db69b0fbe0db8d05797290172e3747a38b11c203d56975a
- SSDEEP
  
  6144:B+w8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFGi:BV8DFe0qip4rZNOm3FAG7H59R7g0fY4f
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence