463d333bf5f3f1666230d1a8336952d3f53dfd5d83758b2864d2c6dfd85e6fa3 | Triage

Sharing

General

Target

463d333bf5f3f1666230d1a8336952d3f53dfd5d83758b2864d2c6dfd85e6fa3
Size

180KB
Sample

221107-t29zrsaccm
MD5

0b262ca8e1220c577c320a0ef285a47c
SHA1

f4dcae971be36c5800a9afbac219f3c0226574af
SHA256

463d333bf5f3f1666230d1a8336952d3f53dfd5d83758b2864d2c6dfd85e6fa3
SHA512

5cf393835a07c81b3f45cb17bcd841de07bc3054cc47fe26b4cc5155522e9cb670aa1b192e3ac24cb94b5599b790d38cab94349ebd1c79b4eaf740c11ed33107
SSDEEP

3072:SIQGdYRLoeEdRos/eaqFnqWDb+uTyLDC6s5sSYqGlC6YViZj5HQXZmmJ0yCFioxG:9xcKPpm2lC6YViZj5HQXZmmJ0yCF9Bxc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  463d333bf5f3f1666230d1a8336952d3f53dfd5d83758b2864d2c6dfd85e6fa3
- Size
  
  180KB
- MD5
  
  0b262ca8e1220c577c320a0ef285a47c
- SHA1
  
  f4dcae971be36c5800a9afbac219f3c0226574af
- SHA256
  
  463d333bf5f3f1666230d1a8336952d3f53dfd5d83758b2864d2c6dfd85e6fa3
- SHA512
  
  5cf393835a07c81b3f45cb17bcd841de07bc3054cc47fe26b4cc5155522e9cb670aa1b192e3ac24cb94b5599b790d38cab94349ebd1c79b4eaf740c11ed33107
- SSDEEP
  
  3072:SIQGdYRLoeEdRos/eaqFnqWDb+uTyLDC6s5sSYqGlC6YViZj5HQXZmmJ0yCFioxG:9xcKPpm2lC6YViZj5HQXZmmJ0yCF9Bxc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence