c55bf0dce723e6dbdfc9f2a3a2e23718cb24574428f9b958054be83f44c25f06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c55bf0dce723e6dbdfc9f2a3a2e23718cb24574428f9b958054be83f44c25f06
Size

180KB
Sample

221029-mjm9qadbbk
MD5

c9ae871c7e5f4f1b9d69598a3879d9a8
SHA1

af987a023cfeae1a5c34092cc7d5f9809b87accb
SHA256

c55bf0dce723e6dbdfc9f2a3a2e23718cb24574428f9b958054be83f44c25f06
SHA512

d96e5670bddfd31fc1a4bda9d30337f9596b493340600836b6763e1e83623f9e48a14157e119f364f79fc8b3c47d91920dabc360dd03cc30765e183048b61886
SSDEEP

3072:ZySdVAXY71idPAaWELGzMshNXTDFE+7jF6XTQP:ZySzAY+oXqFshNTDT756XT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c55bf0dce723e6dbdfc9f2a3a2e23718cb24574428f9b958054be83f44c25f06
- Size
  
  180KB
- MD5
  
  c9ae871c7e5f4f1b9d69598a3879d9a8
- SHA1
  
  af987a023cfeae1a5c34092cc7d5f9809b87accb
- SHA256
  
  c55bf0dce723e6dbdfc9f2a3a2e23718cb24574428f9b958054be83f44c25f06
- SHA512
  
  d96e5670bddfd31fc1a4bda9d30337f9596b493340600836b6763e1e83623f9e48a14157e119f364f79fc8b3c47d91920dabc360dd03cc30765e183048b61886
- SSDEEP
  
  3072:ZySdVAXY71idPAaWELGzMshNXTDFE+7jF6XTQP:ZySzAY+oXqFshNTDT756XT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence