b85af0560e5cf648049426ae7e16841c12cbfe379efdb0d435521a463e95bcce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b85af0560e5cf648049426ae7e16841c12cbfe379efdb0d435521a463e95bcce
Size

104KB
Sample

221030-frsqvadbh8
MD5

9258308baf18eab80a04e8ce4806be63
SHA1

4865a1a8c4ac0073e0872d073df2f15d78a06d5c
SHA256

b85af0560e5cf648049426ae7e16841c12cbfe379efdb0d435521a463e95bcce
SHA512

6f63e9b0b3e28410cabf38df1556f1447ed5688c84d259a86766d75b1341e8a9bcfaeb530718fc57adc920aafeeea22dd233d1946c7196b9fdfa5385f26a16eb
SSDEEP

1536:d+tL/lgjJ8iw5ycDEJfNOPcDGwSgRouYmvqwMew7db/02u+bk/krqNIjnZbx:YNikyc0m/3Zu+bk1Cn5x

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b85af0560e5cf648049426ae7e16841c12cbfe379efdb0d435521a463e95bcce
- Size
  
  104KB
- MD5
  
  9258308baf18eab80a04e8ce4806be63
- SHA1
  
  4865a1a8c4ac0073e0872d073df2f15d78a06d5c
- SHA256
  
  b85af0560e5cf648049426ae7e16841c12cbfe379efdb0d435521a463e95bcce
- SHA512
  
  6f63e9b0b3e28410cabf38df1556f1447ed5688c84d259a86766d75b1341e8a9bcfaeb530718fc57adc920aafeeea22dd233d1946c7196b9fdfa5385f26a16eb
- SSDEEP
  
  1536:d+tL/lgjJ8iw5ycDEJfNOPcDGwSgRouYmvqwMew7db/02u+bk/krqNIjnZbx:YNikyc0m/3Zu+bk1Cn5x
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence