fa41f67c03127215b111fe2d184fcb077ab195c485117fca22f7c51167972ec4 | Triage

Sharing

General

Target

fa41f67c03127215b111fe2d184fcb077ab195c485117fca22f7c51167972ec4
Size

260KB
Sample

221107-zjq2tsbael
MD5

0204a77c15966d98f92c4bf746101230
SHA1

288d3615177e8a415ff3851dc374c2c4e2c41ba1
SHA256

fa41f67c03127215b111fe2d184fcb077ab195c485117fca22f7c51167972ec4
SHA512

de3e0b8694dc8467bef415668a13ca2f8861153099a31916b2a29eea7a8888f3f9e5b5c2f313deb51acb37f75df3fbc57a7cbd53ab56a17ad764c66fca3f8318
SSDEEP

6144:sgRymUhL25VGQllHiU6ZdCFqhVeVHEv++G:sgR5UhL2lHiU6ZdFPeilG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fa41f67c03127215b111fe2d184fcb077ab195c485117fca22f7c51167972ec4
- Size
  
  260KB
- MD5
  
  0204a77c15966d98f92c4bf746101230
- SHA1
  
  288d3615177e8a415ff3851dc374c2c4e2c41ba1
- SHA256
  
  fa41f67c03127215b111fe2d184fcb077ab195c485117fca22f7c51167972ec4
- SHA512
  
  de3e0b8694dc8467bef415668a13ca2f8861153099a31916b2a29eea7a8888f3f9e5b5c2f313deb51acb37f75df3fbc57a7cbd53ab56a17ad764c66fca3f8318
- SSDEEP
  
  6144:sgRymUhL25VGQllHiU6ZdCFqhVeVHEv++G:sgR5UhL2lHiU6ZdFPeilG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence