befc4bbb4ddfb897100f1b2874be91c0d2074801b8f703a2a21ddbbbc1909067 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

befc4bbb4ddfb897100f1b2874be91c0d2074801b8f703a2a21ddbbbc1909067
Size

48KB
Sample

221030-arma6sdda7
MD5

849ab4538baad7abd5a2854299137e80
SHA1

f7541c85f6325ed9e9d593c933da462b62cc4815
SHA256

befc4bbb4ddfb897100f1b2874be91c0d2074801b8f703a2a21ddbbbc1909067
SHA512

9c15bb638965ba57108b025a698ff208a16e9c0bb79f56b373fdb85a0aaaa20e7b4e105ac5191fd76835428e8868ae4ed1292d8fb650da670ce4175d028c69a3
SSDEEP

768:xeNEhm6gz9v+6wH9H7MfygXaDMFQXD7e:xeamlZ6NNDsQXD7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  befc4bbb4ddfb897100f1b2874be91c0d2074801b8f703a2a21ddbbbc1909067
- Size
  
  48KB
- MD5
  
  849ab4538baad7abd5a2854299137e80
- SHA1
  
  f7541c85f6325ed9e9d593c933da462b62cc4815
- SHA256
  
  befc4bbb4ddfb897100f1b2874be91c0d2074801b8f703a2a21ddbbbc1909067
- SHA512
  
  9c15bb638965ba57108b025a698ff208a16e9c0bb79f56b373fdb85a0aaaa20e7b4e105ac5191fd76835428e8868ae4ed1292d8fb650da670ce4175d028c69a3
- SSDEEP
  
  768:xeNEhm6gz9v+6wH9H7MfygXaDMFQXD7e:xeamlZ6NNDsQXD7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence