8d0ebdc5d2c6904503406660e51fb3abb9098f7ff764a30d3d5e3046271aa3dd | Triage

Sharing

General

Target

8d0ebdc5d2c6904503406660e51fb3abb9098f7ff764a30d3d5e3046271aa3dd
Size

248KB
Sample

221123-vnrfyacd9z
MD5

25efd5741079fc0f785406b863745733
SHA1

dc614bec7d891327e849639f9accf1ed06ec9794
SHA256

8d0ebdc5d2c6904503406660e51fb3abb9098f7ff764a30d3d5e3046271aa3dd
SHA512

c4867717f046568b149c05d6f12845013c9a01fc8ad17a50a0a6c20ef3d16fb2460b9816da08682c4ff128885b5d0bd26b29cfd583089121e2c2b9e7bdbaedd2
SSDEEP

3072:54clvBhDo0BKxWVeBYhInpMFgYykBgfXzRRpGPlOH+cZknPh43Ucl:Wcl3dgEeqPFXTgfV6PlOH+gKPu3x

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8d0ebdc5d2c6904503406660e51fb3abb9098f7ff764a30d3d5e3046271aa3dd
- Size
  
  248KB
- MD5
  
  25efd5741079fc0f785406b863745733
- SHA1
  
  dc614bec7d891327e849639f9accf1ed06ec9794
- SHA256
  
  8d0ebdc5d2c6904503406660e51fb3abb9098f7ff764a30d3d5e3046271aa3dd
- SHA512
  
  c4867717f046568b149c05d6f12845013c9a01fc8ad17a50a0a6c20ef3d16fb2460b9816da08682c4ff128885b5d0bd26b29cfd583089121e2c2b9e7bdbaedd2
- SSDEEP
  
  3072:54clvBhDo0BKxWVeBYhInpMFgYykBgfXzRRpGPlOH+cZknPh43Ucl:Wcl3dgEeqPFXTgfV6PlOH+gKPu3x
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence