c1a50942374198db15902e930edfbbd708ae513cdbe44e0860ba5413c046a922 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1a50942374198db15902e930edfbbd708ae513cdbe44e0860ba5413c046a922
Size

240KB
Sample

221107-zqfvfahbe7
MD5

063b9d7607921f11e55c4008fa36df9c
SHA1

8519221ea479deb6f8e386811f448b6ed04bdbdf
SHA256

c1a50942374198db15902e930edfbbd708ae513cdbe44e0860ba5413c046a922
SHA512

681dd397ca66a64abd344bc794adc1825c95bba734154dc337a12d8d0e829eeefe2d9c6d56bcc7e201da2eccc68b443d0772b090af7b39409d945185558e2b55
SSDEEP

3072:+lOk7J/BXDJL8q+nG2RGrqY2CzW7QcYss0qpdnGHHqxmB0Oo33a:kDJd8fGgGrqY2/7QcDs0sLH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c1a50942374198db15902e930edfbbd708ae513cdbe44e0860ba5413c046a922
- Size
  
  240KB
- MD5
  
  063b9d7607921f11e55c4008fa36df9c
- SHA1
  
  8519221ea479deb6f8e386811f448b6ed04bdbdf
- SHA256
  
  c1a50942374198db15902e930edfbbd708ae513cdbe44e0860ba5413c046a922
- SHA512
  
  681dd397ca66a64abd344bc794adc1825c95bba734154dc337a12d8d0e829eeefe2d9c6d56bcc7e201da2eccc68b443d0772b090af7b39409d945185558e2b55
- SSDEEP
  
  3072:+lOk7J/BXDJL8q+nG2RGrqY2CzW7QcYss0qpdnGHHqxmB0Oo33a:kDJd8fGgGrqY2/7QcDs0sLH
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence