476e0f108364fea2572715ca3c5d6f056bff31158b0b3de7c6ddb1e1697893ff | Triage

Sharing

General

Target

476e0f108364fea2572715ca3c5d6f056bff31158b0b3de7c6ddb1e1697893ff
Size

324KB
Sample

221030-aj78nsdag5
MD5

a322f18568a48c30d40cecb23a9fc8ac
SHA1

9ef4659364c3134b9b36140cac8640f94ce3eaa8
SHA256

476e0f108364fea2572715ca3c5d6f056bff31158b0b3de7c6ddb1e1697893ff
SHA512

f5fdd3e26b15600de3284e7e60d8b4d5e4924c93e892c8a0354552895dafb58d1c15b43757adbcb52627cd25fbd88bd191c7bc785a311e8fe6ecdf6b9b49b8fc
SSDEEP

6144:tr+xPxlKd2siJ66onJGr+qyVztumGS5Ni3h6goMKMphaeVf2B71q:tkPjKd2sY6JGr+qyVztumGS5YJoyU71q

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  476e0f108364fea2572715ca3c5d6f056bff31158b0b3de7c6ddb1e1697893ff
- Size
  
  324KB
- MD5
  
  a322f18568a48c30d40cecb23a9fc8ac
- SHA1
  
  9ef4659364c3134b9b36140cac8640f94ce3eaa8
- SHA256
  
  476e0f108364fea2572715ca3c5d6f056bff31158b0b3de7c6ddb1e1697893ff
- SHA512
  
  f5fdd3e26b15600de3284e7e60d8b4d5e4924c93e892c8a0354552895dafb58d1c15b43757adbcb52627cd25fbd88bd191c7bc785a311e8fe6ecdf6b9b49b8fc
- SSDEEP
  
  6144:tr+xPxlKd2siJ66onJGr+qyVztumGS5Ni3h6goMKMphaeVf2B71q:tkPjKd2sY6JGr+qyVztumGS5YJoyU71q
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence