5a2f785e29caa532b03df862116986fec7f15ad87d87fbd00f71c85f58023a0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a2f785e29caa532b03df862116986fec7f15ad87d87fbd00f71c85f58023a0f
Size

272KB
Sample

221030-ab7xyaddbn
MD5

93d29a3cc4f2d97b7e54195fabf0da50
SHA1

1a9ef88d2c9563256580cb09b013e7e2bfb601de
SHA256

5a2f785e29caa532b03df862116986fec7f15ad87d87fbd00f71c85f58023a0f
SHA512

f1c8cf412ca0771ec8a8010bd38b82eae966939592d133cd4108cac28b9594202ad5e013d078c95062c06519a354d8623f513c25526b79603a7baf6503a8b796
SSDEEP

3072:O4h9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3l34:LAvbfznH7O9G/PLLxU3YwgTb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5a2f785e29caa532b03df862116986fec7f15ad87d87fbd00f71c85f58023a0f
- Size
  
  272KB
- MD5
  
  93d29a3cc4f2d97b7e54195fabf0da50
- SHA1
  
  1a9ef88d2c9563256580cb09b013e7e2bfb601de
- SHA256
  
  5a2f785e29caa532b03df862116986fec7f15ad87d87fbd00f71c85f58023a0f
- SHA512
  
  f1c8cf412ca0771ec8a8010bd38b82eae966939592d133cd4108cac28b9594202ad5e013d078c95062c06519a354d8623f513c25526b79603a7baf6503a8b796
- SSDEEP
  
  3072:O4h9gmss0FvbVJznCRcz/hVFA9MSs/PLLj+Qm4U3YwgTeA3l34:LAvbfznH7O9G/PLLxU3YwgTb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence