d886cf4fd0ae32043eddc7701d3b025e7de92a057bc7aac6cc6df28d6a874b45 | Triage

Sharing

General

Target

d886cf4fd0ae32043eddc7701d3b025e7de92a057bc7aac6cc6df28d6a874b45
Size

176KB
Sample

221107-t2jsksabgn
MD5

01ada3eed578ce580487821feda2e76b
SHA1

0e8bb8c579c0c238628b68ce509984140c7fc464
SHA256

d886cf4fd0ae32043eddc7701d3b025e7de92a057bc7aac6cc6df28d6a874b45
SHA512

90af105bd7833272cc9c77d86a7af95ac643fd118ee10d4cfa491a4c953eb28606eab321037e17face277aca8305d44da208cfa8e99165fb6e29202af447a8c5
SSDEEP

3072:dv04IcfpHlp1D2KcwjIU2aTObcpT/pHkEAbN/yK/fObT/bGiCV/COqoSQ1iBuAZX:B04PfpHlp1KKcwjIDaTObcZ/pHkMK/fg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d886cf4fd0ae32043eddc7701d3b025e7de92a057bc7aac6cc6df28d6a874b45
- Size
  
  176KB
- MD5
  
  01ada3eed578ce580487821feda2e76b
- SHA1
  
  0e8bb8c579c0c238628b68ce509984140c7fc464
- SHA256
  
  d886cf4fd0ae32043eddc7701d3b025e7de92a057bc7aac6cc6df28d6a874b45
- SHA512
  
  90af105bd7833272cc9c77d86a7af95ac643fd118ee10d4cfa491a4c953eb28606eab321037e17face277aca8305d44da208cfa8e99165fb6e29202af447a8c5
- SSDEEP
  
  3072:dv04IcfpHlp1D2KcwjIU2aTObcpT/pHkEAbN/yK/fObT/bGiCV/COqoSQ1iBuAZX:B04PfpHlp1KKcwjIDaTObcZ/pHkMK/fg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence