a35d82fe42736b4dfdcc91094f48590b83135db2bb6eac196038c6f13e9403f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a35d82fe42736b4dfdcc91094f48590b83135db2bb6eac196038c6f13e9403f1
Size

212KB
Sample

221107-apgynshdf8
MD5

0ea9d705fa2d18453824a26a40d49022
SHA1

20a0309d06b6a3992c9f9f298b50e9df14a2c43b
SHA256

a35d82fe42736b4dfdcc91094f48590b83135db2bb6eac196038c6f13e9403f1
SHA512

9520678c0a45d43c8e880ccb09615f70e1313be9c6d375981bd8e92a7a934fc20438ded5331eaba6c4459b0589a26de97e951134626c5f8cabf64ccec48e12ad
SSDEEP

6144:iXAKwwP0iczY09umHh7K5cUXEBwrYVHhAgY65cJ:IAby0xY09umH45cUXEBwUVHhAgY65u

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a35d82fe42736b4dfdcc91094f48590b83135db2bb6eac196038c6f13e9403f1
- Size
  
  212KB
- MD5
  
  0ea9d705fa2d18453824a26a40d49022
- SHA1
  
  20a0309d06b6a3992c9f9f298b50e9df14a2c43b
- SHA256
  
  a35d82fe42736b4dfdcc91094f48590b83135db2bb6eac196038c6f13e9403f1
- SHA512
  
  9520678c0a45d43c8e880ccb09615f70e1313be9c6d375981bd8e92a7a934fc20438ded5331eaba6c4459b0589a26de97e951134626c5f8cabf64ccec48e12ad
- SSDEEP
  
  6144:iXAKwwP0iczY09umHh7K5cUXEBwrYVHhAgY65cJ:IAby0xY09umH45cUXEBwUVHhAgY65u
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence