c93db112cf7b9a786e94d92d44acd026086c66349223087097f89d9a1dbc4924 | Triage

Sharing

General

Target

c93db112cf7b9a786e94d92d44acd026086c66349223087097f89d9a1dbc4924
Size

124KB
Sample

221107-zpjjyahba8
MD5

01dc7b4f0787be063176ea46911c5850
SHA1

46d071d7f50884104cf0ccb7e2dc5493023df981
SHA256

c93db112cf7b9a786e94d92d44acd026086c66349223087097f89d9a1dbc4924
SHA512

e503bf3df7be84e61ddb71a5c4729d350e0aec637fdb585df248c702b29d8ee93d930ef15e649bd7f5b9fcd111c87f1b1b97521871eb0b2915f74b0c91fffaca
SSDEEP

1536:ZOszF5Y1hRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:MGDY1hkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c93db112cf7b9a786e94d92d44acd026086c66349223087097f89d9a1dbc4924
- Size
  
  124KB
- MD5
  
  01dc7b4f0787be063176ea46911c5850
- SHA1
  
  46d071d7f50884104cf0ccb7e2dc5493023df981
- SHA256
  
  c93db112cf7b9a786e94d92d44acd026086c66349223087097f89d9a1dbc4924
- SHA512
  
  e503bf3df7be84e61ddb71a5c4729d350e0aec637fdb585df248c702b29d8ee93d930ef15e649bd7f5b9fcd111c87f1b1b97521871eb0b2915f74b0c91fffaca
- SSDEEP
  
  1536:ZOszF5Y1hRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:MGDY1hkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence