a9bf55069a94e0637c0953a472fab08cdf5dc2cdcdb6120ed8df5607f2e01dab | Triage

Sharing

General

Target

a9bf55069a94e0637c0953a472fab08cdf5dc2cdcdb6120ed8df5607f2e01dab
Size

308KB
Sample

221107-zjenssbacr
MD5

08490d66b00863123d5942e5e3a29e9d
SHA1

3a8d7c564b9819b79b24bdd02571f4808df96ac2
SHA256

a9bf55069a94e0637c0953a472fab08cdf5dc2cdcdb6120ed8df5607f2e01dab
SHA512

16bfd65ffdd192cb5a6956065601d393682f046b9e4c1eb5d5df73bdd6f6a9a8998c327cb4255d58302ed609eb67287ffc64ca738ccf0882f87e4cab2d559825
SSDEEP

6144:9IUIpydVsZyxyK5R8GYKi1Xfvs1tzH51t+ewSRegNb/:Juydfieb/j

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a9bf55069a94e0637c0953a472fab08cdf5dc2cdcdb6120ed8df5607f2e01dab
- Size
  
  308KB
- MD5
  
  08490d66b00863123d5942e5e3a29e9d
- SHA1
  
  3a8d7c564b9819b79b24bdd02571f4808df96ac2
- SHA256
  
  a9bf55069a94e0637c0953a472fab08cdf5dc2cdcdb6120ed8df5607f2e01dab
- SHA512
  
  16bfd65ffdd192cb5a6956065601d393682f046b9e4c1eb5d5df73bdd6f6a9a8998c327cb4255d58302ed609eb67287ffc64ca738ccf0882f87e4cab2d559825
- SSDEEP
  
  6144:9IUIpydVsZyxyK5R8GYKi1Xfvs1tzH51t+ewSRegNb/:Juydfieb/j
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence