b22298fb187b04568a39c83b31176e96d748afe40d52f0c8cc88ac4366ac4282 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b22298fb187b04568a39c83b31176e96d748afe40d52f0c8cc88ac4366ac4282
Size

124KB
Sample

221030-yff7sagaf4
MD5

923a6c38dc9fcfa10eea909febeea1f0
SHA1

703b0885216e6ed2f0f51e9f509b49660c652a64
SHA256

b22298fb187b04568a39c83b31176e96d748afe40d52f0c8cc88ac4366ac4282
SHA512

8e6fb141e6b2ea93831db9f06b7770cbc2f0c2881b08a2e86701790b9e4368476d24332648e2495c13a92995a8dd64d7690d67bf486c788501a27a42e8b26db7
SSDEEP

1536:udJQ/0jPJt4JEk5KO98p+kzGDwTc6bdaR+aLbGctSFTJ9:YbLJtCYOGDz0wwydjGj419

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b22298fb187b04568a39c83b31176e96d748afe40d52f0c8cc88ac4366ac4282
- Size
  
  124KB
- MD5
  
  923a6c38dc9fcfa10eea909febeea1f0
- SHA1
  
  703b0885216e6ed2f0f51e9f509b49660c652a64
- SHA256
  
  b22298fb187b04568a39c83b31176e96d748afe40d52f0c8cc88ac4366ac4282
- SHA512
  
  8e6fb141e6b2ea93831db9f06b7770cbc2f0c2881b08a2e86701790b9e4368476d24332648e2495c13a92995a8dd64d7690d67bf486c788501a27a42e8b26db7
- SSDEEP
  
  1536:udJQ/0jPJt4JEk5KO98p+kzGDwTc6bdaR+aLbGctSFTJ9:YbLJtCYOGDz0wwydjGj419
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence