b88b5a16ac06c8c419e48aee0c7336999d7ba367a04cafd29daec2d54591f2b3 | Triage

Sharing

General

Target

b88b5a16ac06c8c419e48aee0c7336999d7ba367a04cafd29daec2d54591f2b3
Size

212KB
Sample

221029-tjnc2sdea7
MD5

4bd3f3b6f667a748a232877d6d3ee2a0
SHA1

17e2f022911e2eb968a8f3d7a690e40f3744682c
SHA256

b88b5a16ac06c8c419e48aee0c7336999d7ba367a04cafd29daec2d54591f2b3
SHA512

1b609d31b4c1e622a51ae03e8bef52e409282b7a5943dff29792ba78dac76dc0e9bf582832cda066279d5aa2dd8cffc81d5b9e2fc23eaef292b12e41edeb4740
SSDEEP

3072:mVbPD2g8h7kvHYJJEbncAXp4wiY3fXfLqus2RrMh9VsgV2Ksb+ET8/3TYhPR+fAu:i87kvHYJ4tdysb+duWMs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b88b5a16ac06c8c419e48aee0c7336999d7ba367a04cafd29daec2d54591f2b3
- Size
  
  212KB
- MD5
  
  4bd3f3b6f667a748a232877d6d3ee2a0
- SHA1
  
  17e2f022911e2eb968a8f3d7a690e40f3744682c
- SHA256
  
  b88b5a16ac06c8c419e48aee0c7336999d7ba367a04cafd29daec2d54591f2b3
- SHA512
  
  1b609d31b4c1e622a51ae03e8bef52e409282b7a5943dff29792ba78dac76dc0e9bf582832cda066279d5aa2dd8cffc81d5b9e2fc23eaef292b12e41edeb4740
- SSDEEP
  
  3072:mVbPD2g8h7kvHYJJEbncAXp4wiY3fXfLqus2RrMh9VsgV2Ksb+ET8/3TYhPR+fAu:i87kvHYJ4tdysb+duWMs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence