2c151d4e498e9308e7bc0e3aa9923ab19002789e737b2ea7479b0cc970120861 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c151d4e498e9308e7bc0e3aa9923ab19002789e737b2ea7479b0cc970120861
Size

204KB
Sample

221107-zc8nasagam
MD5

0823b069c99df9403c556deac7c96409
SHA1

6bbf60f838eb5c079e7b7c1accd45fc32d30517e
SHA256

2c151d4e498e9308e7bc0e3aa9923ab19002789e737b2ea7479b0cc970120861
SHA512

bae2c6004b64466bc68f6780367f39437fb59bc7342ab0d6c793ae2ea52ff2b448e65721f0bca7c60d8710e0df9dc05f08afa680f94ce6ffee33b5140ea257fd
SSDEEP

3072:omQW8JJr00tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWV+6:zlkV04QxL7B9W0c1RCzR/fSmlu7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2c151d4e498e9308e7bc0e3aa9923ab19002789e737b2ea7479b0cc970120861
- Size
  
  204KB
- MD5
  
  0823b069c99df9403c556deac7c96409
- SHA1
  
  6bbf60f838eb5c079e7b7c1accd45fc32d30517e
- SHA256
  
  2c151d4e498e9308e7bc0e3aa9923ab19002789e737b2ea7479b0cc970120861
- SHA512
  
  bae2c6004b64466bc68f6780367f39437fb59bc7342ab0d6c793ae2ea52ff2b448e65721f0bca7c60d8710e0df9dc05f08afa680f94ce6ffee33b5140ea257fd
- SSDEEP
  
  3072:omQW8JJr00tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWV+6:zlkV04QxL7B9W0c1RCzR/fSmlu7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence