d155f899deec0938a43ad6038270333b387744df07e92f3d6e5b693db895ee33 | Triage

Sharing

General

Target

d155f899deec0938a43ad6038270333b387744df07e92f3d6e5b693db895ee33
Size

256KB
Sample

221030-ydzlcafhh4
MD5

91d83f1c14f188004527720ba0cf6be6
SHA1

80a751bcd966e54b9ae7239046b8ed9e670e9a03
SHA256

d155f899deec0938a43ad6038270333b387744df07e92f3d6e5b693db895ee33
SHA512

5b0c3b007eec8278e5738990e4d8dc6852f20c547e7388387a7b401bf1f5bb745f9770ad4e696bc3304146ddb6a06ec7bbfb87c67b6174fb6199f2836bbf3b4f
SSDEEP

6144:9VGuQZUvhOoOirF1rsNjqH94M7RNo913Ml2Knvmb7/D26QkQeOzRoJ:JQZUvhOoOMF1rsNjqgH3Ml2Knvmb7/DB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d155f899deec0938a43ad6038270333b387744df07e92f3d6e5b693db895ee33
- Size
  
  256KB
- MD5
  
  91d83f1c14f188004527720ba0cf6be6
- SHA1
  
  80a751bcd966e54b9ae7239046b8ed9e670e9a03
- SHA256
  
  d155f899deec0938a43ad6038270333b387744df07e92f3d6e5b693db895ee33
- SHA512
  
  5b0c3b007eec8278e5738990e4d8dc6852f20c547e7388387a7b401bf1f5bb745f9770ad4e696bc3304146ddb6a06ec7bbfb87c67b6174fb6199f2836bbf3b4f
- SSDEEP
  
  6144:9VGuQZUvhOoOirF1rsNjqH94M7RNo913Ml2Knvmb7/D26QkQeOzRoJ:JQZUvhOoOMF1rsNjqgH3Ml2Knvmb7/DB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence