02ab511f28162944150c9d003638e2d0ed8fc8a86169764198c61799b2c43984 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02ab511f28162944150c9d003638e2d0ed8fc8a86169764198c61799b2c43984
Size

244KB
Sample

221028-wzsc2saecj
MD5

0ca06d0680c6ee2e526bd43b56807363
SHA1

eaca0232a5f749441219fd9c5343c2fb80beaeb5
SHA256

02ab511f28162944150c9d003638e2d0ed8fc8a86169764198c61799b2c43984
SHA512

0d6afc95099e2ee8ffe900132ab0357a95c7f1dde9f6e59b033696bfc34992ed933a18f5be6bb8ba764c12f47f22bb5983c125e025e67420090e40f404085e42
SSDEEP

3072:Zya8u7T9Wfy7o8eM9DQw6IZcorBBT+82uxcYLGV1F+f4aqosA:waf7IIBBTEuEF+f4aqosA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  02ab511f28162944150c9d003638e2d0ed8fc8a86169764198c61799b2c43984
- Size
  
  244KB
- MD5
  
  0ca06d0680c6ee2e526bd43b56807363
- SHA1
  
  eaca0232a5f749441219fd9c5343c2fb80beaeb5
- SHA256
  
  02ab511f28162944150c9d003638e2d0ed8fc8a86169764198c61799b2c43984
- SHA512
  
  0d6afc95099e2ee8ffe900132ab0357a95c7f1dde9f6e59b033696bfc34992ed933a18f5be6bb8ba764c12f47f22bb5983c125e025e67420090e40f404085e42
- SSDEEP
  
  3072:Zya8u7T9Wfy7o8eM9DQw6IZcorBBT+82uxcYLGV1F+f4aqosA:waf7IIBBTEuEF+f4aqosA
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence