30b45ea2988dc969826e0bc73573d1cb931979821cfa15a97d866ab94f44d403 | Triage

Sharing

General

Target

30b45ea2988dc969826e0bc73573d1cb931979821cfa15a97d866ab94f44d403
Size

248KB
Sample

221123-tbwdpadf23
MD5

4f0754bfb665bff121c620c94bbd5ea0
SHA1

04d89f4784b1d91c187f4541785342a38d6ffecd
SHA256

30b45ea2988dc969826e0bc73573d1cb931979821cfa15a97d866ab94f44d403
SHA512

5386b07b319c1a9dfc60aa454c6042a76bb2041b0634e1bdaae30ddaf374def000be3d3ad590a2cdf2563be6ab464ef71069f29935d0ff627dfbea7f8c9eeea6
SSDEEP

6144:9YM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0DEQ:935CLkFfnRnWKnvmb7/D26qndv0DV

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  30b45ea2988dc969826e0bc73573d1cb931979821cfa15a97d866ab94f44d403
- Size
  
  248KB
- MD5
  
  4f0754bfb665bff121c620c94bbd5ea0
- SHA1
  
  04d89f4784b1d91c187f4541785342a38d6ffecd
- SHA256
  
  30b45ea2988dc969826e0bc73573d1cb931979821cfa15a97d866ab94f44d403
- SHA512
  
  5386b07b319c1a9dfc60aa454c6042a76bb2041b0634e1bdaae30ddaf374def000be3d3ad590a2cdf2563be6ab464ef71069f29935d0ff627dfbea7f8c9eeea6
- SSDEEP
  
  6144:9YM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0DEQ:935CLkFfnRnWKnvmb7/D26qndv0DV
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence