41dd6e857ceb556d4b9040f539f08d93fc930c3a40d6ae213725dfc90f27d9f6 | Triage

Sharing

General

Target

41dd6e857ceb556d4b9040f539f08d93fc930c3a40d6ae213725dfc90f27d9f6
Size

135KB
Sample

221123-vrg2nscf8w
MD5

0819d577537dc12fbd00cae353e628e0
SHA1

891b6e530bb37cc128b9a48181f2bdd74e568de2
SHA256

41dd6e857ceb556d4b9040f539f08d93fc930c3a40d6ae213725dfc90f27d9f6
SHA512

d70a0968361bd3ec5fa95e6c3156b772944c9e1ccf415cbf93ee508fc5fe9b0e640977c8a32b11aa07d3d545fd1b5bb54574bb3edd363cd6a0b4b98b9bba09c5
SSDEEP

3072:GPMInrhifUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVC:+JPoIDbByGPMsMP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  41dd6e857ceb556d4b9040f539f08d93fc930c3a40d6ae213725dfc90f27d9f6
- Size
  
  135KB
- MD5
  
  0819d577537dc12fbd00cae353e628e0
- SHA1
  
  891b6e530bb37cc128b9a48181f2bdd74e568de2
- SHA256
  
  41dd6e857ceb556d4b9040f539f08d93fc930c3a40d6ae213725dfc90f27d9f6
- SHA512
  
  d70a0968361bd3ec5fa95e6c3156b772944c9e1ccf415cbf93ee508fc5fe9b0e640977c8a32b11aa07d3d545fd1b5bb54574bb3edd363cd6a0b4b98b9bba09c5
- SSDEEP
  
  3072:GPMInrhifUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVC:+JPoIDbByGPMsMP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence