f41c2c681c97c911650f058881890ceabd27e7c84dd1e5a578a0b766cbe4de9b | Triage

Sharing

General

Target

f41c2c681c97c911650f058881890ceabd27e7c84dd1e5a578a0b766cbe4de9b
Size

148KB
Sample

221107-zgw53aaher
MD5

0efd4377d48e9fa18fb3f390c6cdfb01
SHA1

422d5570afd48ed88f2efc14db70482032e96abd
SHA256

f41c2c681c97c911650f058881890ceabd27e7c84dd1e5a578a0b766cbe4de9b
SHA512

8ce607c7b181d4f1776c3186785c40a11ada2426abd247f510395e81c5b5faf72d905f30a121ea42d002d24c75c6458795a51874ef5a2ec467351457419f26c9
SSDEEP

3072:/iF2Qh4mRpDGq7At/yRWr2wA36nbMUq8hFOdhIk4oQZiEtx6Ua3:KFBh96F90Wf7nJPwdzWZ6U6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f41c2c681c97c911650f058881890ceabd27e7c84dd1e5a578a0b766cbe4de9b
- Size
  
  148KB
- MD5
  
  0efd4377d48e9fa18fb3f390c6cdfb01
- SHA1
  
  422d5570afd48ed88f2efc14db70482032e96abd
- SHA256
  
  f41c2c681c97c911650f058881890ceabd27e7c84dd1e5a578a0b766cbe4de9b
- SHA512
  
  8ce607c7b181d4f1776c3186785c40a11ada2426abd247f510395e81c5b5faf72d905f30a121ea42d002d24c75c6458795a51874ef5a2ec467351457419f26c9
- SSDEEP
  
  3072:/iF2Qh4mRpDGq7At/yRWr2wA36nbMUq8hFOdhIk4oQZiEtx6Ua3:KFBh96F90Wf7nJPwdzWZ6U6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence