2a07b35d0e67d8411f0145c2de91ff750ae97fb06f851e71b478f7805f7cc100 | Triage

Sharing

General

Target

2a07b35d0e67d8411f0145c2de91ff750ae97fb06f851e71b478f7805f7cc100
Size

168KB
Sample

221123-vlcvrscc3w
MD5

454a3fb58e149902f7727496391200e0
SHA1

4c9c5be7fbf71a84e53c770d7520f5593cc8c980
SHA256

2a07b35d0e67d8411f0145c2de91ff750ae97fb06f851e71b478f7805f7cc100
SHA512

67348ebe3ae99386a47cfd7e516865d7a136fb521054f1a461808ee67e6356bbb0729d48f3413dee8910bbf6223fe59021f9b4eead77b248c5f5411ad1a019ac
SSDEEP

768:c4lvMajhJP5iUwbjMPkG1VuW/wqvRXMXp677yCzdXZRT2Nq1MaQnepMri14PGBEv:c4RlVJh+lGVs4emEFbMP0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2a07b35d0e67d8411f0145c2de91ff750ae97fb06f851e71b478f7805f7cc100
- Size
  
  168KB
- MD5
  
  454a3fb58e149902f7727496391200e0
- SHA1
  
  4c9c5be7fbf71a84e53c770d7520f5593cc8c980
- SHA256
  
  2a07b35d0e67d8411f0145c2de91ff750ae97fb06f851e71b478f7805f7cc100
- SHA512
  
  67348ebe3ae99386a47cfd7e516865d7a136fb521054f1a461808ee67e6356bbb0729d48f3413dee8910bbf6223fe59021f9b4eead77b248c5f5411ad1a019ac
- SSDEEP
  
  768:c4lvMajhJP5iUwbjMPkG1VuW/wqvRXMXp677yCzdXZRT2Nq1MaQnepMri14PGBEv:c4RlVJh+lGVs4emEFbMP0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence