0328d2de822590aee0f69a30193a8b1ce7156451dd4ea435b42529529d55ddfe | Triage

Sharing

General

Target

0328d2de822590aee0f69a30193a8b1ce7156451dd4ea435b42529529d55ddfe
Size

192KB
Sample

221123-vrx3wscg2z
MD5

52d65a6b226391c4f0e9e178fcfd0280
SHA1

be2f064689d4979bff77cb23f4b76255704918e9
SHA256

0328d2de822590aee0f69a30193a8b1ce7156451dd4ea435b42529529d55ddfe
SHA512

8857402766ba8d61f4c6d0c3996e77ab27eabfa8946d8eadf375bba8ae9055698d523d431ab739e4b0bb46071575425a3bda60aade8ed45c86ce5e894c2071a2
SSDEEP

3072:46PLIxdvKuGr7t5qCRFSoRQg/yqd9Kf5L/SV5qK:XiVCRFSoRQiC5L/hK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0328d2de822590aee0f69a30193a8b1ce7156451dd4ea435b42529529d55ddfe
- Size
  
  192KB
- MD5
  
  52d65a6b226391c4f0e9e178fcfd0280
- SHA1
  
  be2f064689d4979bff77cb23f4b76255704918e9
- SHA256
  
  0328d2de822590aee0f69a30193a8b1ce7156451dd4ea435b42529529d55ddfe
- SHA512
  
  8857402766ba8d61f4c6d0c3996e77ab27eabfa8946d8eadf375bba8ae9055698d523d431ab739e4b0bb46071575425a3bda60aade8ed45c86ce5e894c2071a2
- SSDEEP
  
  3072:46PLIxdvKuGr7t5qCRFSoRQg/yqd9Kf5L/SV5qK:XiVCRFSoRQiC5L/hK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence