f855bf824cfb135ff6c4c2faa41f3762ea332905a05507326837f40a77ac8afa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f855bf824cfb135ff6c4c2faa41f3762ea332905a05507326837f40a77ac8afa
Size

228KB
Sample

221030-yxltlahhfj
MD5

91f415ff0f2179b6827e8a433baffe2b
SHA1

8c06483fe573f96f870aadc256a583f3fce957b1
SHA256

f855bf824cfb135ff6c4c2faa41f3762ea332905a05507326837f40a77ac8afa
SHA512

edee56653ae4e786fa8c113326556e13635f703f9330c78dd04f9366990730048bf58a5c685258ccab049b323822dd1e533ace29be021eed23c3e95999d4e811
SSDEEP

6144:fmN3PFKs7aFwKWwalhrEqxF6snji81RUinKZHg/ASN:fmZPhAmZIH+A4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f855bf824cfb135ff6c4c2faa41f3762ea332905a05507326837f40a77ac8afa
- Size
  
  228KB
- MD5
  
  91f415ff0f2179b6827e8a433baffe2b
- SHA1
  
  8c06483fe573f96f870aadc256a583f3fce957b1
- SHA256
  
  f855bf824cfb135ff6c4c2faa41f3762ea332905a05507326837f40a77ac8afa
- SHA512
  
  edee56653ae4e786fa8c113326556e13635f703f9330c78dd04f9366990730048bf58a5c685258ccab049b323822dd1e533ace29be021eed23c3e95999d4e811
- SSDEEP
  
  6144:fmN3PFKs7aFwKWwalhrEqxF6snji81RUinKZHg/ASN:fmZPhAmZIH+A4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence