b4cd6ad5685a0374945b85cc9d4651963932dab29b27ca47ab89611bfb6e4b8f | Triage

Sharing

General

Target

b4cd6ad5685a0374945b85cc9d4651963932dab29b27ca47ab89611bfb6e4b8f
Size

288KB
Sample

221030-xqyddafhbp
MD5

821575973376249b53f8d9e11524ac1f
SHA1

1271c402db78c39d537182f30792af5d0ebc6fab
SHA256

b4cd6ad5685a0374945b85cc9d4651963932dab29b27ca47ab89611bfb6e4b8f
SHA512

89cdf30f945d054394af7c04024d6c30142ca11965f4661cc1eca8f2949e234766ea53900b5d11bbd3d4800a00626575dcf75949ba59fa6a9828b1456097c7f6
SSDEEP

6144:MmUi0vbGuOdn9Z/QmO6Ckobf3fGCmahGIUutF:H0vbGuYnXQmO6Ckobf3fGCmahTUu

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b4cd6ad5685a0374945b85cc9d4651963932dab29b27ca47ab89611bfb6e4b8f
- Size
  
  288KB
- MD5
  
  821575973376249b53f8d9e11524ac1f
- SHA1
  
  1271c402db78c39d537182f30792af5d0ebc6fab
- SHA256
  
  b4cd6ad5685a0374945b85cc9d4651963932dab29b27ca47ab89611bfb6e4b8f
- SHA512
  
  89cdf30f945d054394af7c04024d6c30142ca11965f4661cc1eca8f2949e234766ea53900b5d11bbd3d4800a00626575dcf75949ba59fa6a9828b1456097c7f6
- SSDEEP
  
  6144:MmUi0vbGuOdn9Z/QmO6Ckobf3fGCmahGIUutF:H0vbGuYnXQmO6Ckobf3fGCmahTUu
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence