0a4c1a5fd72c1b78df6faff0efc6e9a773a233c3768710a6bc95d5e532d39287 | Triage

Sharing

General

Target

0a4c1a5fd72c1b78df6faff0efc6e9a773a233c3768710a6bc95d5e532d39287
Size

160KB
Sample

221029-xr7cnsbhbq
MD5

849a41180540081165edc969b9ae7ea0
SHA1

aeca71635d7717d0e5109abe5f88f1eec6892c32
SHA256

0a4c1a5fd72c1b78df6faff0efc6e9a773a233c3768710a6bc95d5e532d39287
SHA512

0c7b8710a1f2bee1858bc13e337874794aed8e4fb424b599cabc97dc0c8a15a769e59317106f6b3073c99350574682ebc949faf475892fa89b92e1a72704bf34
SSDEEP

1536:x6pK+M/0iv0pBdQrAa/sOf5MFzF0K1/lex4vbLDuumW9I3iYIcdmAhjiKs:x53OOAa/lAFZbLymAFiKs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0a4c1a5fd72c1b78df6faff0efc6e9a773a233c3768710a6bc95d5e532d39287
- Size
  
  160KB
- MD5
  
  849a41180540081165edc969b9ae7ea0
- SHA1
  
  aeca71635d7717d0e5109abe5f88f1eec6892c32
- SHA256
  
  0a4c1a5fd72c1b78df6faff0efc6e9a773a233c3768710a6bc95d5e532d39287
- SHA512
  
  0c7b8710a1f2bee1858bc13e337874794aed8e4fb424b599cabc97dc0c8a15a769e59317106f6b3073c99350574682ebc949faf475892fa89b92e1a72704bf34
- SSDEEP
  
  1536:x6pK+M/0iv0pBdQrAa/sOf5MFzF0K1/lex4vbLDuumW9I3iYIcdmAhjiKs:x53OOAa/lAFZbLymAFiKs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence