b18fc4844315d83bfda1eab8acd0a46571b4ddb749a671a42df786eb188af3a2 | Triage

Sharing

General

Target

b18fc4844315d83bfda1eab8acd0a46571b4ddb749a671a42df786eb188af3a2
Size

88KB
Sample

221030-ah3lssdffp
MD5

a27bcd8ec63f9c1c1534a90084b2ab0d
SHA1

69ed04ca923a93549bf4f9a9aa8e56e19cc87850
SHA256

b18fc4844315d83bfda1eab8acd0a46571b4ddb749a671a42df786eb188af3a2
SHA512

e176c1e8ea35bc922f1795bee928b39e6f2fd4f3d271acd068730ac4ef3bc2c41d9ae8778b6ca55ef7ecb3d259d8de0c9dbc97c5c3e21c42810a4b35b0b22591
SSDEEP

1536:Uelg4mgWqXJfUhYlcy7duOf4h18GRQqupJKZuO:U4gmVUhBm3fC8GRK3a

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b18fc4844315d83bfda1eab8acd0a46571b4ddb749a671a42df786eb188af3a2
- Size
  
  88KB
- MD5
  
  a27bcd8ec63f9c1c1534a90084b2ab0d
- SHA1
  
  69ed04ca923a93549bf4f9a9aa8e56e19cc87850
- SHA256
  
  b18fc4844315d83bfda1eab8acd0a46571b4ddb749a671a42df786eb188af3a2
- SHA512
  
  e176c1e8ea35bc922f1795bee928b39e6f2fd4f3d271acd068730ac4ef3bc2c41d9ae8778b6ca55ef7ecb3d259d8de0c9dbc97c5c3e21c42810a4b35b0b22591
- SSDEEP
  
  1536:Uelg4mgWqXJfUhYlcy7duOf4h18GRQqupJKZuO:U4gmVUhBm3fC8GRK3a
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence