cd252254d95bc06921b361a64c9656ddd168cb9dd6c311ee5f9cbde91fd0b8df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd252254d95bc06921b361a64c9656ddd168cb9dd6c311ee5f9cbde91fd0b8df
Size

232KB
Sample

221106-sfdtrsgdc8
MD5

0f462375f3eed872ad057b21970f96be
SHA1

07451edcf34ed281652d8ad8d37fb2702e8ea7d3
SHA256

cd252254d95bc06921b361a64c9656ddd168cb9dd6c311ee5f9cbde91fd0b8df
SHA512

db3fc004d64567833da13aafa7a93018ae057e04b7da162ac71712ca875337a8066b8f2eacb08f8f6d4f70a70cab21b3a4e906d44f63b65e8c211d28e9023668
SSDEEP

6144:Q3PFKs7diixRSFBfWEqxF6snji81RUinK51jbkxkubSU:KPhJuBXVbkxJbl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cd252254d95bc06921b361a64c9656ddd168cb9dd6c311ee5f9cbde91fd0b8df
- Size
  
  232KB
- MD5
  
  0f462375f3eed872ad057b21970f96be
- SHA1
  
  07451edcf34ed281652d8ad8d37fb2702e8ea7d3
- SHA256
  
  cd252254d95bc06921b361a64c9656ddd168cb9dd6c311ee5f9cbde91fd0b8df
- SHA512
  
  db3fc004d64567833da13aafa7a93018ae057e04b7da162ac71712ca875337a8066b8f2eacb08f8f6d4f70a70cab21b3a4e906d44f63b65e8c211d28e9023668
- SSDEEP
  
  6144:Q3PFKs7diixRSFBfWEqxF6snji81RUinK51jbkxkubSU:KPhJuBXVbkxJbl
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence