9cf13281b541e2defe56505b69f8df2945c85876a438649e44bc7a98929d68aa | Triage

Sharing

General

Target

9cf13281b541e2defe56505b69f8df2945c85876a438649e44bc7a98929d68aa
Size

88KB
Sample

221123-t9d73agc97
MD5

5e690fa19585e0e553366311ee0a16c0
SHA1

08b53f2a499dc15cba5d6c4d055d3c780ef52324
SHA256

9cf13281b541e2defe56505b69f8df2945c85876a438649e44bc7a98929d68aa
SHA512

ba6168f3a4c85770952e023b3fff1e7b3dc1d103a5ef43b74f6fb77b59f8aa3c0c36fa9a02ad36a1eb9be80dfcabec9ccc344d69ad9e6f6ac17bb63367fd1fcb
SSDEEP

1536:6eUDdZnW1pLDcw3Hr+PaGme7pPXLq0zTrkyP:JUDrnl1XTzToyP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9cf13281b541e2defe56505b69f8df2945c85876a438649e44bc7a98929d68aa
- Size
  
  88KB
- MD5
  
  5e690fa19585e0e553366311ee0a16c0
- SHA1
  
  08b53f2a499dc15cba5d6c4d055d3c780ef52324
- SHA256
  
  9cf13281b541e2defe56505b69f8df2945c85876a438649e44bc7a98929d68aa
- SHA512
  
  ba6168f3a4c85770952e023b3fff1e7b3dc1d103a5ef43b74f6fb77b59f8aa3c0c36fa9a02ad36a1eb9be80dfcabec9ccc344d69ad9e6f6ac17bb63367fd1fcb
- SSDEEP
  
  1536:6eUDdZnW1pLDcw3Hr+PaGme7pPXLq0zTrkyP:JUDrnl1XTzToyP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence