c935430c9e6907a6d9f527b9bca3562ffe19e9a7e827f7d79ccf7c09ae9010fa | Triage

Sharing

General

Target

c935430c9e6907a6d9f527b9bca3562ffe19e9a7e827f7d79ccf7c09ae9010fa
Size

280KB
Sample

221123-xn8fkaff29
MD5

530d48fdf674b232be66f727bdcd5fa8
SHA1

52c93089d1d4e26f81063ec05543c8b85b4b6bb3
SHA256

c935430c9e6907a6d9f527b9bca3562ffe19e9a7e827f7d79ccf7c09ae9010fa
SHA512

410bf9d53b2ddd9209e4371341e5aa8bf69751e53611ef3ad30ec8a338e74f63fa140888a45f9ebfff0ec533f79e8e61a9c87b7588e6be445e539f752f342b58
SSDEEP

3072:DkW/v+/mkT/Ozb1/7Vc1tdjZQQLnQhhyBZ8Irfdaqebssot7rFVtWzdbcTfBX:DP2mK2bVMJuQ0hhynfdaJqNrtWzCd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c935430c9e6907a6d9f527b9bca3562ffe19e9a7e827f7d79ccf7c09ae9010fa
- Size
  
  280KB
- MD5
  
  530d48fdf674b232be66f727bdcd5fa8
- SHA1
  
  52c93089d1d4e26f81063ec05543c8b85b4b6bb3
- SHA256
  
  c935430c9e6907a6d9f527b9bca3562ffe19e9a7e827f7d79ccf7c09ae9010fa
- SHA512
  
  410bf9d53b2ddd9209e4371341e5aa8bf69751e53611ef3ad30ec8a338e74f63fa140888a45f9ebfff0ec533f79e8e61a9c87b7588e6be445e539f752f342b58
- SSDEEP
  
  3072:DkW/v+/mkT/Ozb1/7Vc1tdjZQQLnQhhyBZ8Irfdaqebssot7rFVtWzdbcTfBX:DP2mK2bVMJuQ0hhynfdaJqNrtWzCd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence