b61113a101264a182627e3289814af4e2b8dcf894bc33b79bcfa2a4b4030ca43 | Triage

Sharing

General

Target

b61113a101264a182627e3289814af4e2b8dcf894bc33b79bcfa2a4b4030ca43
Size

228KB
Sample

221029-31amysdcan
MD5

93f30abf52bf32ebf0501735cdc671d5
SHA1

1ad956da1a1b999901c50ace9f8025ffc5a18c02
SHA256

b61113a101264a182627e3289814af4e2b8dcf894bc33b79bcfa2a4b4030ca43
SHA512

20c89e7df16bd0c8437363aa5735034dd83051a17f218b127a5d332662fcdf431fd592c07e867c67019cdb65023fb58ef506c7088b0f982514de24c342e95539
SSDEEP

3072:afC3KOFCsv/CL0ns7bFtRdVWCyiHCN1ps7:v3RIsi1HFj/WCyiHCNfs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b61113a101264a182627e3289814af4e2b8dcf894bc33b79bcfa2a4b4030ca43
- Size
  
  228KB
- MD5
  
  93f30abf52bf32ebf0501735cdc671d5
- SHA1
  
  1ad956da1a1b999901c50ace9f8025ffc5a18c02
- SHA256
  
  b61113a101264a182627e3289814af4e2b8dcf894bc33b79bcfa2a4b4030ca43
- SHA512
  
  20c89e7df16bd0c8437363aa5735034dd83051a17f218b127a5d332662fcdf431fd592c07e867c67019cdb65023fb58ef506c7088b0f982514de24c342e95539
- SSDEEP
  
  3072:afC3KOFCsv/CL0ns7bFtRdVWCyiHCN1ps7:v3RIsi1HFj/WCyiHCNfs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence