af65b2b3b771ed8bec970794300567a288d31a5b9dd6597b2fe819f774674498 | Triage

Sharing

General

Target

af65b2b3b771ed8bec970794300567a288d31a5b9dd6597b2fe819f774674498
Size

156KB
Sample

221124-aajtqadg83
MD5

15a2ff5cb303a745d43c92e83f362c20
SHA1

8351151e57565638e8cce9f4615266b5b63fe328
SHA256

af65b2b3b771ed8bec970794300567a288d31a5b9dd6597b2fe819f774674498
SHA512

b1ce04d4c4616979dcc4c4896c0d7edb930f0b363e2b117fcccb3892365025e62ef524c457774623ce2e19e55e6bfec6b8db0cdb3bd3cc7ac5a3a897e3a3c9c7
SSDEEP

3072:LxRn2efUkuUx/loYl36iqlekwohWv6pcDordSB4oQZiEtw:lJvUk/dlb+wohQxDomW0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  af65b2b3b771ed8bec970794300567a288d31a5b9dd6597b2fe819f774674498
- Size
  
  156KB
- MD5
  
  15a2ff5cb303a745d43c92e83f362c20
- SHA1
  
  8351151e57565638e8cce9f4615266b5b63fe328
- SHA256
  
  af65b2b3b771ed8bec970794300567a288d31a5b9dd6597b2fe819f774674498
- SHA512
  
  b1ce04d4c4616979dcc4c4896c0d7edb930f0b363e2b117fcccb3892365025e62ef524c457774623ce2e19e55e6bfec6b8db0cdb3bd3cc7ac5a3a897e3a3c9c7
- SSDEEP
  
  3072:LxRn2efUkuUx/loYl36iqlekwohWv6pcDordSB4oQZiEtw:lJvUk/dlb+wohQxDomW0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence