460a6fd9bd30ffccb0b15da436dece0bc2f3dd1c30a7df6981742ca937817ca8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

460a6fd9bd30ffccb0b15da436dece0bc2f3dd1c30a7df6981742ca937817ca8
Size

159KB
Sample

221029-mrr8mscfd5
MD5

da5b3b6418588dc7c5ad59ecc85b14a0
SHA1

c6b71335df8809850d020b9d3fa7e00065a68263
SHA256

460a6fd9bd30ffccb0b15da436dece0bc2f3dd1c30a7df6981742ca937817ca8
SHA512

4b099e358b56b9cde1a948d23f5411278429855944c50bc11b01d8d547c33ef854cd0f27c610cb06ebb8abf4bf79d110d5f106b550ab8f5768956c4568cd8dba
SSDEEP

1536:SV9SQuhAoilzokdnN6W9UVqeSuPhP3Fb4+DBfsK0af5IX96mfOC1zlrdsUwE7RjN:M1LoilzxyqGwoKxf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  460a6fd9bd30ffccb0b15da436dece0bc2f3dd1c30a7df6981742ca937817ca8
- Size
  
  159KB
- MD5
  
  da5b3b6418588dc7c5ad59ecc85b14a0
- SHA1
  
  c6b71335df8809850d020b9d3fa7e00065a68263
- SHA256
  
  460a6fd9bd30ffccb0b15da436dece0bc2f3dd1c30a7df6981742ca937817ca8
- SHA512
  
  4b099e358b56b9cde1a948d23f5411278429855944c50bc11b01d8d547c33ef854cd0f27c610cb06ebb8abf4bf79d110d5f106b550ab8f5768956c4568cd8dba
- SSDEEP
  
  1536:SV9SQuhAoilzokdnN6W9UVqeSuPhP3Fb4+DBfsK0af5IX96mfOC1zlrdsUwE7RjN:M1LoilzxyqGwoKxf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence