646cce3e7a7ece289a4dbfec90d21a90570c3a27cb3b3d9f2613f03edf1fc46a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

646cce3e7a7ece289a4dbfec90d21a90570c3a27cb3b3d9f2613f03edf1fc46a
Size

152KB
Sample

221107-t1tamaabdr
MD5

0785815c276241e858c0aebc1ca5bb74
SHA1

658d4f9f480a1248855297a70922cc945e14b663
SHA256

646cce3e7a7ece289a4dbfec90d21a90570c3a27cb3b3d9f2613f03edf1fc46a
SHA512

0d3b621468880bd11e05d0eb432ac5af86722cc2a3e8f25a8d3099d0913d30aac126a939ec451c4d45e88217787c8f236bf3ec1922e5c7dcfa53f895003d8ee2
SSDEEP

3072:L3savl3Po5+tTjFqV+t3DRGCKBiAKKNE5j4oQ:bQ5+t8+NDR5Akd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  646cce3e7a7ece289a4dbfec90d21a90570c3a27cb3b3d9f2613f03edf1fc46a
- Size
  
  152KB
- MD5
  
  0785815c276241e858c0aebc1ca5bb74
- SHA1
  
  658d4f9f480a1248855297a70922cc945e14b663
- SHA256
  
  646cce3e7a7ece289a4dbfec90d21a90570c3a27cb3b3d9f2613f03edf1fc46a
- SHA512
  
  0d3b621468880bd11e05d0eb432ac5af86722cc2a3e8f25a8d3099d0913d30aac126a939ec451c4d45e88217787c8f236bf3ec1922e5c7dcfa53f895003d8ee2
- SSDEEP
  
  3072:L3savl3Po5+tTjFqV+t3DRGCKBiAKKNE5j4oQ:bQ5+t8+NDR5Akd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence