83182d0edb282283519fe9c508e83c1a0d5898640c8e46403904f913b39ddc65 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83182d0edb282283519fe9c508e83c1a0d5898640c8e46403904f913b39ddc65
Size

220KB
Sample

221124-ab7l6sea27
MD5

082582552e8f7df865439dca1c2e12bf
SHA1

640f32bdcd62f41901af3dd94b84286076440a7a
SHA256

83182d0edb282283519fe9c508e83c1a0d5898640c8e46403904f913b39ddc65
SHA512

698bdadee1dc88dbd762306a40a2281473f48d416e7220c71f421b3bf1da00ce70b0f64874c1e69382cc7a125c88800f69da27605f97ed4e27151faa93960a0e
SSDEEP

1536:u7n/YQsVMawoIZsh0CF+sKE0C1rZL4H0c2BHtg1/J+iZAb+g9WCyiHC/XRG1iFn6:IAQBMOFCsv/CL0jJMNWCyiHC31psmc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  83182d0edb282283519fe9c508e83c1a0d5898640c8e46403904f913b39ddc65
- Size
  
  220KB
- MD5
  
  082582552e8f7df865439dca1c2e12bf
- SHA1
  
  640f32bdcd62f41901af3dd94b84286076440a7a
- SHA256
  
  83182d0edb282283519fe9c508e83c1a0d5898640c8e46403904f913b39ddc65
- SHA512
  
  698bdadee1dc88dbd762306a40a2281473f48d416e7220c71f421b3bf1da00ce70b0f64874c1e69382cc7a125c88800f69da27605f97ed4e27151faa93960a0e
- SSDEEP
  
  1536:u7n/YQsVMawoIZsh0CF+sKE0C1rZL4H0c2BHtg1/J+iZAb+g9WCyiHC/XRG1iFn6:IAQBMOFCsv/CL0jJMNWCyiHC31psmc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence