08aea916fe32a395d863d9dc21ba8a10b4c6188cec4ecd019a01cb685aa27331 | Triage

Sharing

General

Target

08aea916fe32a395d863d9dc21ba8a10b4c6188cec4ecd019a01cb685aa27331
Size

168KB
Sample

221123-w3929sgg2w
MD5

437f5faf05562dcefc56a087084adb80
SHA1

7fa0c1b831d58b0cd83aa842a8cb9ae17ec2074f
SHA256

08aea916fe32a395d863d9dc21ba8a10b4c6188cec4ecd019a01cb685aa27331
SHA512

8176f8ccbb0a08fcf2311e4275f33be4b3f44e84e57aca9a2c76b4240034b2dc33d07d3652661eff96dacd2fd0b27ff2a45215e3815aeb9793a448d5cf67242a
SSDEEP

3072:ShGs8CdY7SIsyvTlo/11hJl2czGRqxZdxxW97Ad:ShGDCdYiQlS1NJG6/xn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  08aea916fe32a395d863d9dc21ba8a10b4c6188cec4ecd019a01cb685aa27331
- Size
  
  168KB
- MD5
  
  437f5faf05562dcefc56a087084adb80
- SHA1
  
  7fa0c1b831d58b0cd83aa842a8cb9ae17ec2074f
- SHA256
  
  08aea916fe32a395d863d9dc21ba8a10b4c6188cec4ecd019a01cb685aa27331
- SHA512
  
  8176f8ccbb0a08fcf2311e4275f33be4b3f44e84e57aca9a2c76b4240034b2dc33d07d3652661eff96dacd2fd0b27ff2a45215e3815aeb9793a448d5cf67242a
- SSDEEP
  
  3072:ShGs8CdY7SIsyvTlo/11hJl2czGRqxZdxxW97Ad:ShGDCdYiQlS1NJG6/xn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence