3c52a9c4d62fb0c5f1a979079c7cfbfb6fc14df4d39103e05505f505ab57779e | Triage

Sharing

General

Target

3c52a9c4d62fb0c5f1a979079c7cfbfb6fc14df4d39103e05505f505ab57779e
Size

164KB
Sample

221030-tt8rqshge5
MD5

8367df12ca0e91d399cf8330da83b2b0
SHA1

f0ed3c4f8ef2d9cc528eb51ab6c09c34cb16e53b
SHA256

3c52a9c4d62fb0c5f1a979079c7cfbfb6fc14df4d39103e05505f505ab57779e
SHA512

6c56751c457db0e9f8ce4b386d3e0154b26f20f974485ab3e936e457b5456043c1505082e8fef051e087f51e4eb0e62d92ed3fb019df9b3d55799121a68e29b2
SSDEEP

3072:9sWcISlDP6veiCi36JRbs4jwKWuRr6TQY3vaFJ0T72mBT:9sWcIMDP6mJDjwZuesY3CFJ0T72uT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3c52a9c4d62fb0c5f1a979079c7cfbfb6fc14df4d39103e05505f505ab57779e
- Size
  
  164KB
- MD5
  
  8367df12ca0e91d399cf8330da83b2b0
- SHA1
  
  f0ed3c4f8ef2d9cc528eb51ab6c09c34cb16e53b
- SHA256
  
  3c52a9c4d62fb0c5f1a979079c7cfbfb6fc14df4d39103e05505f505ab57779e
- SHA512
  
  6c56751c457db0e9f8ce4b386d3e0154b26f20f974485ab3e936e457b5456043c1505082e8fef051e087f51e4eb0e62d92ed3fb019df9b3d55799121a68e29b2
- SSDEEP
  
  3072:9sWcISlDP6veiCi36JRbs4jwKWuRr6TQY3vaFJ0T72mBT:9sWcIMDP6mJDjwZuesY3CFJ0T72uT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence