abcbb41b3385cc1f5c9065680742d4314f9f8f68cad118fe12359bae05929224 | Triage

Sharing

General

Target

abcbb41b3385cc1f5c9065680742d4314f9f8f68cad118fe12359bae05929224
Size

256KB
Sample

221029-w4pgysafal
MD5

83a749e690c3701671b4bbfb8fd90fce
SHA1

5c8e950247db888df6c5c21a17120147df416972
SHA256

abcbb41b3385cc1f5c9065680742d4314f9f8f68cad118fe12359bae05929224
SHA512

b45135bc94133bfba002ece9a6257ab76028aca2ce11e8608a3d00d52773645231f527afc6ce8ed9ac8b6fe77f0b9f805342e5b79e2a653ac95455593315c101
SSDEEP

3072:4TGfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCagdOY39cBKaRr5xwPVB:4yepp3PJXCOGY3eqOY39cBE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  abcbb41b3385cc1f5c9065680742d4314f9f8f68cad118fe12359bae05929224
- Size
  
  256KB
- MD5
  
  83a749e690c3701671b4bbfb8fd90fce
- SHA1
  
  5c8e950247db888df6c5c21a17120147df416972
- SHA256
  
  abcbb41b3385cc1f5c9065680742d4314f9f8f68cad118fe12359bae05929224
- SHA512
  
  b45135bc94133bfba002ece9a6257ab76028aca2ce11e8608a3d00d52773645231f527afc6ce8ed9ac8b6fe77f0b9f805342e5b79e2a653ac95455593315c101
- SSDEEP
  
  3072:4TGfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCagdOY39cBKaRr5xwPVB:4yepp3PJXCOGY3eqOY39cBE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence