8d2468dd9fb8e2cc09428b7a64c66993584e4c21967112037b6bae85b4bcf534 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d2468dd9fb8e2cc09428b7a64c66993584e4c21967112037b6bae85b4bcf534
Size

132KB
Sample

221107-a6v7maace9
MD5

0eb5f475f9c448f1d6309cde3a5413b0
SHA1

0435f48ca1aae20bc63e4f0969188c26ecb01c77
SHA256

8d2468dd9fb8e2cc09428b7a64c66993584e4c21967112037b6bae85b4bcf534
SHA512

cb2facd2a76773330111903d9809692587d8d7bb4b17663a1f57e8b45ea94a2e73c8fde9e0d1fc9cc9deac3a1d91abce5fade22d8807222cd69d53eeee91313b
SSDEEP

3072:0Cg9bRO/NMPvxt+PIPVfHRSkenbI6n1Fi2V3b7D6ONK8ueNx:FgPOOPvKkfHYkenrn1Fiy3b7DrK8uG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8d2468dd9fb8e2cc09428b7a64c66993584e4c21967112037b6bae85b4bcf534
- Size
  
  132KB
- MD5
  
  0eb5f475f9c448f1d6309cde3a5413b0
- SHA1
  
  0435f48ca1aae20bc63e4f0969188c26ecb01c77
- SHA256
  
  8d2468dd9fb8e2cc09428b7a64c66993584e4c21967112037b6bae85b4bcf534
- SHA512
  
  cb2facd2a76773330111903d9809692587d8d7bb4b17663a1f57e8b45ea94a2e73c8fde9e0d1fc9cc9deac3a1d91abce5fade22d8807222cd69d53eeee91313b
- SSDEEP
  
  3072:0Cg9bRO/NMPvxt+PIPVfHRSkenbI6n1Fi2V3b7D6ONK8ueNx:FgPOOPvKkfHYkenrn1Fiy3b7DrK8uG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence