1b9aac6498a5f5aebdd8a846edc63b296258e16448b22c91d90e2924af3891b3 | Triage

Sharing

General

Target

1b9aac6498a5f5aebdd8a846edc63b296258e16448b22c91d90e2924af3891b3
Size

232KB
Sample

221107-typ57aaacj
MD5

03a36bbd3993332fa2c8054efcc8f264
SHA1

e8f0a7100dd9d2adb83156213deae351513b9811
SHA256

1b9aac6498a5f5aebdd8a846edc63b296258e16448b22c91d90e2924af3891b3
SHA512

fa83b13af13b247865adc3905b2c545a5ef90572b25fe4f7cf599f99501dbbda3a100539e8bcd89047d98dd055e8c4b8e65f7d4d404f99cb86e1420da8980d68
SSDEEP

6144:jPTEJ0LQ4GoKVjdiOxvUbVcOSWgVxCuq88vvfCZft:jtLQ4GoKVjdiOxvUbVcOSWg9q87ft

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1b9aac6498a5f5aebdd8a846edc63b296258e16448b22c91d90e2924af3891b3
- Size
  
  232KB
- MD5
  
  03a36bbd3993332fa2c8054efcc8f264
- SHA1
  
  e8f0a7100dd9d2adb83156213deae351513b9811
- SHA256
  
  1b9aac6498a5f5aebdd8a846edc63b296258e16448b22c91d90e2924af3891b3
- SHA512
  
  fa83b13af13b247865adc3905b2c545a5ef90572b25fe4f7cf599f99501dbbda3a100539e8bcd89047d98dd055e8c4b8e65f7d4d404f99cb86e1420da8980d68
- SSDEEP
  
  6144:jPTEJ0LQ4GoKVjdiOxvUbVcOSWgVxCuq88vvfCZft:jtLQ4GoKVjdiOxvUbVcOSWg9q87ft
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence