b0de017bacaeff40ad1e45d4f9b0258d41a2ed707c89f497147f5a5d761489a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0de017bacaeff40ad1e45d4f9b0258d41a2ed707c89f497147f5a5d761489a0
Size

100KB
Sample

221123-xqcfxaff82
MD5

450b0174c106293d1bb70bf5ec3d1a77
SHA1

631d4bbf2a2ba623da8d0644f9c356b60134e235
SHA256

b0de017bacaeff40ad1e45d4f9b0258d41a2ed707c89f497147f5a5d761489a0
SHA512

296fda3be4292758f36396a348b05f993896165835b6c74a1ed9a86369df7375f3d3ae4dba4910a2e34abc6d5a529c05cc5b5641090e981981af0b7094b880c2
SSDEEP

1536:jSHi0gNGp4BNRXAEwqScgDz0Bg2PDXJRde/SwvFMYVwC+QaM7oXjLl0V7:4x4zDfDXJVI+4o3mV7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b0de017bacaeff40ad1e45d4f9b0258d41a2ed707c89f497147f5a5d761489a0
- Size
  
  100KB
- MD5
  
  450b0174c106293d1bb70bf5ec3d1a77
- SHA1
  
  631d4bbf2a2ba623da8d0644f9c356b60134e235
- SHA256
  
  b0de017bacaeff40ad1e45d4f9b0258d41a2ed707c89f497147f5a5d761489a0
- SHA512
  
  296fda3be4292758f36396a348b05f993896165835b6c74a1ed9a86369df7375f3d3ae4dba4910a2e34abc6d5a529c05cc5b5641090e981981af0b7094b880c2
- SSDEEP
  
  1536:jSHi0gNGp4BNRXAEwqScgDz0Bg2PDXJRde/SwvFMYVwC+QaM7oXjLl0V7:4x4zDfDXJVI+4o3mV7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence