f5ffd8ba975a1fc90bf2a5eb896b5679849a8649e4c5adf03c6c79a311561f2f | Triage

Sharing

General

Target

f5ffd8ba975a1fc90bf2a5eb896b5679849a8649e4c5adf03c6c79a311561f2f
Size

240KB
Sample

221029-3xv5gsdahm
MD5

93c36d046d631942a2c2e787b1cb495e
SHA1

ace2a91de64b94a08c665e51d2ab71423fc23b98
SHA256

f5ffd8ba975a1fc90bf2a5eb896b5679849a8649e4c5adf03c6c79a311561f2f
SHA512

415fa35558a30a16e28484cee430b39f39cc6b0fc625de8cba8223fa50d433568acaa43482949ad5cee27ff6358fef9c31e471b1bcf0653b665850c18f893cff
SSDEEP

6144:Ce3dwqsNTNEXGlQRayEqxF6snji81RUinKq3aEEDliDA3:CMdQKj3aEEwE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f5ffd8ba975a1fc90bf2a5eb896b5679849a8649e4c5adf03c6c79a311561f2f
- Size
  
  240KB
- MD5
  
  93c36d046d631942a2c2e787b1cb495e
- SHA1
  
  ace2a91de64b94a08c665e51d2ab71423fc23b98
- SHA256
  
  f5ffd8ba975a1fc90bf2a5eb896b5679849a8649e4c5adf03c6c79a311561f2f
- SHA512
  
  415fa35558a30a16e28484cee430b39f39cc6b0fc625de8cba8223fa50d433568acaa43482949ad5cee27ff6358fef9c31e471b1bcf0653b665850c18f893cff
- SSDEEP
  
  6144:Ce3dwqsNTNEXGlQRayEqxF6snji81RUinKq3aEEDliDA3:CMdQKj3aEEwE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence