ca4cf2eb21af4addede0cb8eccf12a6727fd521f2f23a5647a943449df84cbc2 | Triage

Sharing

General

Target

ca4cf2eb21af4addede0cb8eccf12a6727fd521f2f23a5647a943449df84cbc2
Size

212KB
Sample

221029-th1lzsddf9
MD5

a36c0124ac08bf78287a4c88ed88c6d0
SHA1

070ea214ed792e40b93787216396e029df34b6b9
SHA256

ca4cf2eb21af4addede0cb8eccf12a6727fd521f2f23a5647a943449df84cbc2
SHA512

9ae060910d09edf5ffa824160802a402ec2d051515e82747cb553d6d5120d20c264c6aee1eba8180ecfb5908847ec9015db3b4148976ee387c2aeafa0413e8a5
SSDEEP

3072:DALW27jpF/nCd3MiaDN/bG0sCO4FpNkNZran/SA1:sDCd3MiK/SxCO4FpbR

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ca4cf2eb21af4addede0cb8eccf12a6727fd521f2f23a5647a943449df84cbc2
- Size
  
  212KB
- MD5
  
  a36c0124ac08bf78287a4c88ed88c6d0
- SHA1
  
  070ea214ed792e40b93787216396e029df34b6b9
- SHA256
  
  ca4cf2eb21af4addede0cb8eccf12a6727fd521f2f23a5647a943449df84cbc2
- SHA512
  
  9ae060910d09edf5ffa824160802a402ec2d051515e82747cb553d6d5120d20c264c6aee1eba8180ecfb5908847ec9015db3b4148976ee387c2aeafa0413e8a5
- SSDEEP
  
  3072:DALW27jpF/nCd3MiaDN/bG0sCO4FpNkNZran/SA1:sDCd3MiK/SxCO4FpbR
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence