2f16c3e2c341e398e99552a076d6ebceeb8dbfdcfb2b5386b2a48984e62b5034 | Triage

Sharing

General

Target

2f16c3e2c341e398e99552a076d6ebceeb8dbfdcfb2b5386b2a48984e62b5034
Size

240KB
Sample

221106-svy39abdbm
MD5

0c9a41f12c4e7cfd4bf91b1a98c27d40
SHA1

c7c168eaa3a357d5fcae4d2f19096c9ec2ad8acc
SHA256

2f16c3e2c341e398e99552a076d6ebceeb8dbfdcfb2b5386b2a48984e62b5034
SHA512

98521f2adefcaf77d8e1c8dc2a3f9dd04f9041c28bb22b0239c85bb4f16d56c2eadc382664a647ead2dcd88fc5a04fa2b7a4eafc3d2fa5c3244b0e2f1c202bc4
SSDEEP

3072:LkBGaT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5cz+Yj:L20UGKGkFRKfeoztO3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2f16c3e2c341e398e99552a076d6ebceeb8dbfdcfb2b5386b2a48984e62b5034
- Size
  
  240KB
- MD5
  
  0c9a41f12c4e7cfd4bf91b1a98c27d40
- SHA1
  
  c7c168eaa3a357d5fcae4d2f19096c9ec2ad8acc
- SHA256
  
  2f16c3e2c341e398e99552a076d6ebceeb8dbfdcfb2b5386b2a48984e62b5034
- SHA512
  
  98521f2adefcaf77d8e1c8dc2a3f9dd04f9041c28bb22b0239c85bb4f16d56c2eadc382664a647ead2dcd88fc5a04fa2b7a4eafc3d2fa5c3244b0e2f1c202bc4
- SSDEEP
  
  3072:LkBGaT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5cz+Yj:L20UGKGkFRKfeoztO3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence