3da663fd151b180bb43f07316e5f1ab8fca9e870103c195b75da625b1d447130 | Triage

Sharing

General

Target

3da663fd151b180bb43f07316e5f1ab8fca9e870103c195b75da625b1d447130
Size

108KB
Sample

221123-xndwysae4t
MD5

49775d19eb3c15b18f9e17dc9461ca06
SHA1

353f0ac07e674032291c5b967c302abcd1ad9619
SHA256

3da663fd151b180bb43f07316e5f1ab8fca9e870103c195b75da625b1d447130
SHA512

41d8e24d5f4aba46d46bd13c430ffc8dca22b324dc981b8cee69ad3d331a79091407bf4ba0cccaeb36e2a74fb2d21d7fc64f1cbe9f18d059bb4f4290e40fc5b4
SSDEEP

1536:JKZSPvOJofZMf8G6oX9aHyELqOW3GFw7vwmqFkyYpWe5srvIyiA+UWI5Q0wXT50h:Xv7oX9EO7LqW3XHCnLl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3da663fd151b180bb43f07316e5f1ab8fca9e870103c195b75da625b1d447130
- Size
  
  108KB
- MD5
  
  49775d19eb3c15b18f9e17dc9461ca06
- SHA1
  
  353f0ac07e674032291c5b967c302abcd1ad9619
- SHA256
  
  3da663fd151b180bb43f07316e5f1ab8fca9e870103c195b75da625b1d447130
- SHA512
  
  41d8e24d5f4aba46d46bd13c430ffc8dca22b324dc981b8cee69ad3d331a79091407bf4ba0cccaeb36e2a74fb2d21d7fc64f1cbe9f18d059bb4f4290e40fc5b4
- SSDEEP
  
  1536:JKZSPvOJofZMf8G6oX9aHyELqOW3GFw7vwmqFkyYpWe5srvIyiA+UWI5Q0wXT50h:Xv7oX9EO7LqW3XHCnLl
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence