218ec18bafd5b37867ebfefb9f64a895acccf4d644fb145cbb13e7faf3997df9 | Triage

Sharing

General

Target

218ec18bafd5b37867ebfefb9f64a895acccf4d644fb145cbb13e7faf3997df9
Size

100KB
Sample

221030-adxvraddhk
MD5

9323ee8b5542f33fe64aed57a025c16e
SHA1

0dc7407687f5711658d1df20a2e79005b8140c67
SHA256

218ec18bafd5b37867ebfefb9f64a895acccf4d644fb145cbb13e7faf3997df9
SHA512

0d215cb1ff96e573da830cabd618e4c7005bf4d700cf66af20b825fecf977b014f120245a058d05d8923297eed5eca3117fa9951352c365584bf1331439ab59e
SSDEEP

1536:Zt28iAuismywsl96Lw0wF9MGM9K/oKtNgCMbA1bL3N+NM5UfONIjnZR+:+D6/KLOM5FCnb+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  218ec18bafd5b37867ebfefb9f64a895acccf4d644fb145cbb13e7faf3997df9
- Size
  
  100KB
- MD5
  
  9323ee8b5542f33fe64aed57a025c16e
- SHA1
  
  0dc7407687f5711658d1df20a2e79005b8140c67
- SHA256
  
  218ec18bafd5b37867ebfefb9f64a895acccf4d644fb145cbb13e7faf3997df9
- SHA512
  
  0d215cb1ff96e573da830cabd618e4c7005bf4d700cf66af20b825fecf977b014f120245a058d05d8923297eed5eca3117fa9951352c365584bf1331439ab59e
- SSDEEP
  
  1536:Zt28iAuismywsl96Lw0wF9MGM9K/oKtNgCMbA1bL3N+NM5UfONIjnZR+:+D6/KLOM5FCnb+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence