31485e7448a6bbf693fea5de958b16aef3ed542289ffe0e8db094503eb6819f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31485e7448a6bbf693fea5de958b16aef3ed542289ffe0e8db094503eb6819f3
Size

328KB
Sample

221107-zczqdsafhk
MD5

00e26ade03919a0cf8c4b3b257286e80
SHA1

6e710ab27edbcbf40087deab96e2dcef2074c4d0
SHA256

31485e7448a6bbf693fea5de958b16aef3ed542289ffe0e8db094503eb6819f3
SHA512

98f653f8b6db891d1f94fa21b2ea673ed923e880ebe695711aecb03f66038d06c67b0ccb74e57c707089a60a9e897b461642f690b5ef9e37080df928c627d98a
SSDEEP

6144:NrdCMeavuzakX681UbgwDO7zRdmM57M1864FG:NlBvuzPE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  31485e7448a6bbf693fea5de958b16aef3ed542289ffe0e8db094503eb6819f3
- Size
  
  328KB
- MD5
  
  00e26ade03919a0cf8c4b3b257286e80
- SHA1
  
  6e710ab27edbcbf40087deab96e2dcef2074c4d0
- SHA256
  
  31485e7448a6bbf693fea5de958b16aef3ed542289ffe0e8db094503eb6819f3
- SHA512
  
  98f653f8b6db891d1f94fa21b2ea673ed923e880ebe695711aecb03f66038d06c67b0ccb74e57c707089a60a9e897b461642f690b5ef9e37080df928c627d98a
- SSDEEP
  
  6144:NrdCMeavuzakX681UbgwDO7zRdmM57M1864FG:NlBvuzPE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence