8248b3e32bbb61067f5bfe7eddccadb9430b6307c4f19165673cd1d23a77d6a7 | Triage

Sharing

General

Target

8248b3e32bbb61067f5bfe7eddccadb9430b6307c4f19165673cd1d23a77d6a7
Size

220KB
Sample

221123-xw2mzsbb9y
MD5

5399eb5fa84fe42b59d49b8b29721110
SHA1

acc8311ee4004e631df4faec7ff712fa5bdfca23
SHA256

8248b3e32bbb61067f5bfe7eddccadb9430b6307c4f19165673cd1d23a77d6a7
SHA512

84662b940018032c47beff54e3cb58be7c765f873af6049f6da3e2effa85e28a01525bd8322a7ed8ff9173c7fbb990b4e40b09f1e8915912512fdd38ce9a0a7c
SSDEEP

3072:hmWJLZk28YUL4qx9RIHgil3UuhSa3U3dDpd6Oy+MIrnj3JnNKY:sWfkL15x9SHVe1jb5

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8248b3e32bbb61067f5bfe7eddccadb9430b6307c4f19165673cd1d23a77d6a7
- Size
  
  220KB
- MD5
  
  5399eb5fa84fe42b59d49b8b29721110
- SHA1
  
  acc8311ee4004e631df4faec7ff712fa5bdfca23
- SHA256
  
  8248b3e32bbb61067f5bfe7eddccadb9430b6307c4f19165673cd1d23a77d6a7
- SHA512
  
  84662b940018032c47beff54e3cb58be7c765f873af6049f6da3e2effa85e28a01525bd8322a7ed8ff9173c7fbb990b4e40b09f1e8915912512fdd38ce9a0a7c
- SSDEEP
  
  3072:hmWJLZk28YUL4qx9RIHgil3UuhSa3U3dDpd6Oy+MIrnj3JnNKY:sWfkL15x9SHVe1jb5
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence