0efb57a266f2fbdd8a6aac08b0c9eda25972fa1b8519584d0f267d06c5628f7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0efb57a266f2fbdd8a6aac08b0c9eda25972fa1b8519584d0f267d06c5628f7f
Size

260KB
Sample

221030-v46wkabhh7
MD5

830c5eaa06c5d624be2b2c036b85fecb
SHA1

5a56731fecc0ea3aafb15b54b28c71a8814340d3
SHA256

0efb57a266f2fbdd8a6aac08b0c9eda25972fa1b8519584d0f267d06c5628f7f
SHA512

bdb27edd65c63330fd527192458fd7595f89fec094370e423250c0facf53b1b0e2581283d91c5112387db9ee141a9ca91c6d621f5c2ae53864b379d84c09348b
SSDEEP

6144:ZdQogTSrMaIl/jcLijfHFEHWzXvjT85R:ZCTSrMaIqLlI/H85R

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0efb57a266f2fbdd8a6aac08b0c9eda25972fa1b8519584d0f267d06c5628f7f
- Size
  
  260KB
- MD5
  
  830c5eaa06c5d624be2b2c036b85fecb
- SHA1
  
  5a56731fecc0ea3aafb15b54b28c71a8814340d3
- SHA256
  
  0efb57a266f2fbdd8a6aac08b0c9eda25972fa1b8519584d0f267d06c5628f7f
- SHA512
  
  bdb27edd65c63330fd527192458fd7595f89fec094370e423250c0facf53b1b0e2581283d91c5112387db9ee141a9ca91c6d621f5c2ae53864b379d84c09348b
- SSDEEP
  
  6144:ZdQogTSrMaIl/jcLijfHFEHWzXvjT85R:ZCTSrMaIqLlI/H85R
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence