ab716beeaa0b40260720b2670fecaecf47d6acbb0bc9cb75db65919409434ceb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab716beeaa0b40260720b2670fecaecf47d6acbb0bc9cb75db65919409434ceb
Size

300KB
Sample

221106-nk7keshdg3
MD5

04b1f96ec1e6970afc656c88dde02c6f
SHA1

f0d3632cfa64b4d17a9b4d4b1a965dce85571c1d
SHA256

ab716beeaa0b40260720b2670fecaecf47d6acbb0bc9cb75db65919409434ceb
SHA512

fcc8dfd935341f32e64678758fed43912bc6ec7ad354340e2c059bbecee9986de058af6a07d20650d638a0d8587a3da5535cff0b16f03520a320999385deea62
SSDEEP

6144:nS758jr+14xdKnvmb7/D26ezCW7eUrcnR44u6Di5vvkUTpPwfuDqbgNsEixMCO+w:n658jr+1edKnvmb7/D26CrcR44U5vcUN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ab716beeaa0b40260720b2670fecaecf47d6acbb0bc9cb75db65919409434ceb
- Size
  
  300KB
- MD5
  
  04b1f96ec1e6970afc656c88dde02c6f
- SHA1
  
  f0d3632cfa64b4d17a9b4d4b1a965dce85571c1d
- SHA256
  
  ab716beeaa0b40260720b2670fecaecf47d6acbb0bc9cb75db65919409434ceb
- SHA512
  
  fcc8dfd935341f32e64678758fed43912bc6ec7ad354340e2c059bbecee9986de058af6a07d20650d638a0d8587a3da5535cff0b16f03520a320999385deea62
- SSDEEP
  
  6144:nS758jr+14xdKnvmb7/D26ezCW7eUrcnR44u6Di5vvkUTpPwfuDqbgNsEixMCO+w:n658jr+1edKnvmb7/D26CrcR44U5vcUN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence