3c29c3027413ad82464ca6bd5aec09fa0df0f79704708a6218fa661118c2c06f | Triage

Sharing

General

Target

3c29c3027413ad82464ca6bd5aec09fa0df0f79704708a6218fa661118c2c06f
Size

344KB
Sample

221106-sxl7gahcc7
MD5

072cf5622928a1f2fb8fe20ce239ffa6
SHA1

c610e1801a769de0b4fc0d44d29a0f56e3fbed6d
SHA256

3c29c3027413ad82464ca6bd5aec09fa0df0f79704708a6218fa661118c2c06f
SHA512

d24afca2a9f0823f4df0fddf65e2f1efd20b9568e900c8bdefca8aa8f1fb7884594f7df7e05faf9f22d23e709f7505e109535ca1febe095e697ff81d8b8678f3
SSDEEP

6144:0yDCXxruVM1qW6Ts7C/LGPM5WYmFoAFQTUgZqU2cC:tOXxqVwx6Ts7C/LGPMkx8yx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3c29c3027413ad82464ca6bd5aec09fa0df0f79704708a6218fa661118c2c06f
- Size
  
  344KB
- MD5
  
  072cf5622928a1f2fb8fe20ce239ffa6
- SHA1
  
  c610e1801a769de0b4fc0d44d29a0f56e3fbed6d
- SHA256
  
  3c29c3027413ad82464ca6bd5aec09fa0df0f79704708a6218fa661118c2c06f
- SHA512
  
  d24afca2a9f0823f4df0fddf65e2f1efd20b9568e900c8bdefca8aa8f1fb7884594f7df7e05faf9f22d23e709f7505e109535ca1febe095e697ff81d8b8678f3
- SSDEEP
  
  6144:0yDCXxruVM1qW6Ts7C/LGPM5WYmFoAFQTUgZqU2cC:tOXxqVwx6Ts7C/LGPMkx8yx
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence