f19eea6003a37b1253ac446f83cafdd5e5af035e95f991765c0e5110109734e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f19eea6003a37b1253ac446f83cafdd5e5af035e95f991765c0e5110109734e0
Size

88KB
Sample

221107-cdp61sccd5
MD5

0fba6e42a3f02c12eccbdb272a4cf8f4
SHA1

b5847ffe4c442d74815dbec5f4a605020824fcd6
SHA256

f19eea6003a37b1253ac446f83cafdd5e5af035e95f991765c0e5110109734e0
SHA512

bb4ae8c712b3aa2f3ab4aec5f21147bab78e8fab0197e1747606986fcbaca28c5d1320c7500608efcfcce15a04d611c8bc43417b5f0e954a8306579bbb435556
SSDEEP

768:y/h4JA5vHnURLQ/JD60XDeVtA5YwmHwWW2icNe78ljNZQcyLbdg5CIBT/DCwaTDw:SfPIQ/JDHKa5EJWceYljNZQ6vDmNmoGj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f19eea6003a37b1253ac446f83cafdd5e5af035e95f991765c0e5110109734e0
- Size
  
  88KB
- MD5
  
  0fba6e42a3f02c12eccbdb272a4cf8f4
- SHA1
  
  b5847ffe4c442d74815dbec5f4a605020824fcd6
- SHA256
  
  f19eea6003a37b1253ac446f83cafdd5e5af035e95f991765c0e5110109734e0
- SHA512
  
  bb4ae8c712b3aa2f3ab4aec5f21147bab78e8fab0197e1747606986fcbaca28c5d1320c7500608efcfcce15a04d611c8bc43417b5f0e954a8306579bbb435556
- SSDEEP
  
  768:y/h4JA5vHnURLQ/JD60XDeVtA5YwmHwWW2icNe78ljNZQcyLbdg5CIBT/DCwaTDw:SfPIQ/JDHKa5EJWceYljNZQ6vDmNmoGj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence