a277c76635b300fb110b17599945d072374c7eab89063c5c3b963551bf4f004b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a277c76635b300fb110b17599945d072374c7eab89063c5c3b963551bf4f004b
Size

228KB
Sample

221030-am8nlsdbg7
MD5

83eb660c0ebc63fa61562740a7c83d50
SHA1

3825be0832d839f2482ff99448d4537090d26f84
SHA256

a277c76635b300fb110b17599945d072374c7eab89063c5c3b963551bf4f004b
SHA512

df6e41bf87cbc0e035ee7baa113444cadec25954dd8954794ff1c90841b9df58fc49f3d9922dc85162f7fbfb657564a49143c3208e4187a12e7c147d45ee5307
SSDEEP

6144:EKGDh4jLt4NVcWgyGELwXiS8T+bbhn7aRjS5ZgBbfR:3GWntWyD1LiS8lS5ZIZ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a277c76635b300fb110b17599945d072374c7eab89063c5c3b963551bf4f004b
- Size
  
  228KB
- MD5
  
  83eb660c0ebc63fa61562740a7c83d50
- SHA1
  
  3825be0832d839f2482ff99448d4537090d26f84
- SHA256
  
  a277c76635b300fb110b17599945d072374c7eab89063c5c3b963551bf4f004b
- SHA512
  
  df6e41bf87cbc0e035ee7baa113444cadec25954dd8954794ff1c90841b9df58fc49f3d9922dc85162f7fbfb657564a49143c3208e4187a12e7c147d45ee5307
- SSDEEP
  
  6144:EKGDh4jLt4NVcWgyGELwXiS8T+bbhn7aRjS5ZgBbfR:3GWntWyD1LiS8lS5ZIZ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence