0a0c6080f59495d5065a66663a5520f68e4a1fcf3f374ce927315a440985398f | Triage

Sharing

General

Target

0a0c6080f59495d5065a66663a5520f68e4a1fcf3f374ce927315a440985398f
Size

196KB
Sample

221028-wzrfraaae9
MD5

0acd11494a9a4a5a59ebac63cb821471
SHA1

ae1d09b1cc2cb3550fe2afb5af2c27586e77109c
SHA256

0a0c6080f59495d5065a66663a5520f68e4a1fcf3f374ce927315a440985398f
SHA512

a51946c0a840514bd3d89f7f3c0164d0da5e21c78f29b0cec61d8e6cea4189c69e2c218ca85d34ed132db31c95527949b951437e27882ee026f40cc66680373d
SSDEEP

3072:poqf1cFw2sGamVYkECx673kN0GNMLc5LAf9pMuUBcL41FYcJlA:pRSamuDCx673kNbMLhHMcL41k

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0a0c6080f59495d5065a66663a5520f68e4a1fcf3f374ce927315a440985398f
- Size
  
  196KB
- MD5
  
  0acd11494a9a4a5a59ebac63cb821471
- SHA1
  
  ae1d09b1cc2cb3550fe2afb5af2c27586e77109c
- SHA256
  
  0a0c6080f59495d5065a66663a5520f68e4a1fcf3f374ce927315a440985398f
- SHA512
  
  a51946c0a840514bd3d89f7f3c0164d0da5e21c78f29b0cec61d8e6cea4189c69e2c218ca85d34ed132db31c95527949b951437e27882ee026f40cc66680373d
- SSDEEP
  
  3072:poqf1cFw2sGamVYkECx673kN0GNMLc5LAf9pMuUBcL41FYcJlA:pRSamuDCx673kNbMLhHMcL41k
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence