01f580af77185dcb808d3f45121798deb8c551c8213e9a293e7711c57e26b6be | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01f580af77185dcb808d3f45121798deb8c551c8213e9a293e7711c57e26b6be
Size

152KB
Sample

221106-snkmaagge9
MD5

0dc0bfa086fabcf64b5ad6cbecd0fcf7
SHA1

ab3144575e072323169dd3ed2ab6e0b4d215cb3d
SHA256

01f580af77185dcb808d3f45121798deb8c551c8213e9a293e7711c57e26b6be
SHA512

b506f83e5e6717b93b66329509c9f7edc0ae1e63d45a803570b0463415e3046e4fb11a02982c10210a4b135d3e3b6ca33e2f5b2f8df7de9aae455b866822959f
SSDEEP

3072:ptDgFZCmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pC4oQZiEpy8c:kAmeGMS6Wc3kn9ADPAOJ0NJUWC7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  01f580af77185dcb808d3f45121798deb8c551c8213e9a293e7711c57e26b6be
- Size
  
  152KB
- MD5
  
  0dc0bfa086fabcf64b5ad6cbecd0fcf7
- SHA1
  
  ab3144575e072323169dd3ed2ab6e0b4d215cb3d
- SHA256
  
  01f580af77185dcb808d3f45121798deb8c551c8213e9a293e7711c57e26b6be
- SHA512
  
  b506f83e5e6717b93b66329509c9f7edc0ae1e63d45a803570b0463415e3046e4fb11a02982c10210a4b135d3e3b6ca33e2f5b2f8df7de9aae455b866822959f
- SSDEEP
  
  3072:ptDgFZCmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pC4oQZiEpy8c:kAmeGMS6Wc3kn9ADPAOJ0NJUWC7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence