a27c3cf6d68a8ba21964a158032bf424934a1a079b90c6bbc73dcc3aa0e5d8d5 | Triage

Sharing

General

Target

a27c3cf6d68a8ba21964a158032bf424934a1a079b90c6bbc73dcc3aa0e5d8d5
Size

92KB
Sample

221123-xm7gwaae3x
MD5

45422049972105a6304fa2d624358130
SHA1

48c3e94ae31f9b2278a4be2d56fdeff6a5937c6e
SHA256

a27c3cf6d68a8ba21964a158032bf424934a1a079b90c6bbc73dcc3aa0e5d8d5
SHA512

03bc41098ba0c1499ea0d3194ff55e3e53dbd8b57d0b8d17d7d6f745a3a98a05079519a68785a6ec11b2c86b49d776e70cf6c48f8ef84d3d0f8423250b99ed40
SSDEEP

1536:0zX2SaBsTwGDmTkrlyn6qLhbqBO2zk1lF7ySSy26QRwzvDmNmohL:tGHlcYBO2zgStiNohL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a27c3cf6d68a8ba21964a158032bf424934a1a079b90c6bbc73dcc3aa0e5d8d5
- Size
  
  92KB
- MD5
  
  45422049972105a6304fa2d624358130
- SHA1
  
  48c3e94ae31f9b2278a4be2d56fdeff6a5937c6e
- SHA256
  
  a27c3cf6d68a8ba21964a158032bf424934a1a079b90c6bbc73dcc3aa0e5d8d5
- SHA512
  
  03bc41098ba0c1499ea0d3194ff55e3e53dbd8b57d0b8d17d7d6f745a3a98a05079519a68785a6ec11b2c86b49d776e70cf6c48f8ef84d3d0f8423250b99ed40
- SSDEEP
  
  1536:0zX2SaBsTwGDmTkrlyn6qLhbqBO2zk1lF7ySSy26QRwzvDmNmohL:tGHlcYBO2zgStiNohL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence