d48aab10740dbc76b55cc75bc657e9e361d9b1636488d94982c85ab13e7c9870 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d48aab10740dbc76b55cc75bc657e9e361d9b1636488d94982c85ab13e7c9870
Size

204KB
Sample

221030-al1llsdhar
MD5

9379da7a2cb94179b8b55c012d437520
SHA1

325de2cced9c60b0c3c6a1c09cc65268776abd85
SHA256

d48aab10740dbc76b55cc75bc657e9e361d9b1636488d94982c85ab13e7c9870
SHA512

bb5c38bacebb00e21ade2dfcdef514c1511c9cf97c57410816ae9f67dc49b7820a3df1b210bf55d0d500f8ca0e03dbf501fdff7a63002dc79fca207d7297374d
SSDEEP

3072:hgEtFXDp2p3zf+sJZY1Pm+Auw3jjOPyzgKxycD12XHvGcVdNQDjp:BTpgz2sJZC3SjBzbZW4d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d48aab10740dbc76b55cc75bc657e9e361d9b1636488d94982c85ab13e7c9870
- Size
  
  204KB
- MD5
  
  9379da7a2cb94179b8b55c012d437520
- SHA1
  
  325de2cced9c60b0c3c6a1c09cc65268776abd85
- SHA256
  
  d48aab10740dbc76b55cc75bc657e9e361d9b1636488d94982c85ab13e7c9870
- SHA512
  
  bb5c38bacebb00e21ade2dfcdef514c1511c9cf97c57410816ae9f67dc49b7820a3df1b210bf55d0d500f8ca0e03dbf501fdff7a63002dc79fca207d7297374d
- SSDEEP
  
  3072:hgEtFXDp2p3zf+sJZY1Pm+Auw3jjOPyzgKxycD12XHvGcVdNQDjp:BTpgz2sJZC3SjBzbZW4d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence