264cd3d48a35eeecc725d1ff8fb008a3d1a232f4eed1d9d30d090580e4081192 | Triage

Sharing

General

Target

264cd3d48a35eeecc725d1ff8fb008a3d1a232f4eed1d9d30d090580e4081192
Size

344KB
Sample

221123-vks6cscb8s
MD5

345cd25d64cd6eb2b0702936bfc3aeb8
SHA1

8858add72003dadfa44e17f727173499449a53b9
SHA256

264cd3d48a35eeecc725d1ff8fb008a3d1a232f4eed1d9d30d090580e4081192
SHA512

8f7ba2d109e765560f1bdefa6b85d577f206f429362945245941591f9d9c1bb4ae2ed26a2f622defc22b77ed0c3c3b6256a97d77589d2182cde7c05d8e7aacce
SSDEEP

6144:t2YUV+0TPeG9SWK/fObT/bGidhjhxEF0N3hL7VklVA3MZLhcYm9e4yqyQhNNnSZ7:tdUV+0TPLwWK/fObT/bGiA0NFVkWMZLJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  264cd3d48a35eeecc725d1ff8fb008a3d1a232f4eed1d9d30d090580e4081192
- Size
  
  344KB
- MD5
  
  345cd25d64cd6eb2b0702936bfc3aeb8
- SHA1
  
  8858add72003dadfa44e17f727173499449a53b9
- SHA256
  
  264cd3d48a35eeecc725d1ff8fb008a3d1a232f4eed1d9d30d090580e4081192
- SHA512
  
  8f7ba2d109e765560f1bdefa6b85d577f206f429362945245941591f9d9c1bb4ae2ed26a2f622defc22b77ed0c3c3b6256a97d77589d2182cde7c05d8e7aacce
- SSDEEP
  
  6144:t2YUV+0TPeG9SWK/fObT/bGidhjhxEF0N3hL7VklVA3MZLhcYm9e4yqyQhNNnSZ7:tdUV+0TPLwWK/fObT/bGiA0NFVkWMZLJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence