fa5c72077bfe8567bf09a6fecb207fbe47af08f96e37c310f2dfa76e85bb165c | Triage

Sharing

General

Target

fa5c72077bfe8567bf09a6fecb207fbe47af08f96e37c310f2dfa76e85bb165c
Size

320KB
Sample

221106-ssddrsbcap
MD5

0d576e7822df167b2583f772397f4a2f
SHA1

d4d8c12e73bb7d69acd92bca27b449ffec450235
SHA256

fa5c72077bfe8567bf09a6fecb207fbe47af08f96e37c310f2dfa76e85bb165c
SHA512

1d4ed7eab238ea0f54fa5e90852a5b6be6a51d8ab9442421c3f18613bad902e202199eefe71287f559fe88e7e9e868b1a3f571d8ac0e8952fa4968cd94a688c9
SSDEEP

6144:tM+xPxlRdfsYJ66onJGr+qyVztumGS5Ni3h6goMKMphaeVf2B71A:tzPjRdfsW6JGr+qyVztumGS5YJoyU71

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fa5c72077bfe8567bf09a6fecb207fbe47af08f96e37c310f2dfa76e85bb165c
- Size
  
  320KB
- MD5
  
  0d576e7822df167b2583f772397f4a2f
- SHA1
  
  d4d8c12e73bb7d69acd92bca27b449ffec450235
- SHA256
  
  fa5c72077bfe8567bf09a6fecb207fbe47af08f96e37c310f2dfa76e85bb165c
- SHA512
  
  1d4ed7eab238ea0f54fa5e90852a5b6be6a51d8ab9442421c3f18613bad902e202199eefe71287f559fe88e7e9e868b1a3f571d8ac0e8952fa4968cd94a688c9
- SSDEEP
  
  6144:tM+xPxlRdfsYJ66onJGr+qyVztumGS5Ni3h6goMKMphaeVf2B71A:tzPjRdfsW6JGr+qyVztumGS5YJoyU71
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence