46e81b1ad0ba98a1e21c7081ff1ad5b16c62b0e8799a4556b9c1b3ff8a084a25 | Triage

Sharing

General

Target

46e81b1ad0ba98a1e21c7081ff1ad5b16c62b0e8799a4556b9c1b3ff8a084a25
Size

204KB
Sample

221124-ad176seb58
MD5

1f927acb36621ce42b0d7a1b74097ee0
SHA1

a364e1c5a9df6ae375f6103d74e042cce6879739
SHA256

46e81b1ad0ba98a1e21c7081ff1ad5b16c62b0e8799a4556b9c1b3ff8a084a25
SHA512

e0b075987a637f5adcf9af57665e09dedb340ddb703ce07ed0fac27dbec332b8398aaad806ff7bb428b253afe73877964165fbcb52fd17f395cedd830901683c
SSDEEP

3072:VALd32ZmpmOhTojqOayjUrQz2f7HbEH17rKQo3m73:VuhTojquEQ6f7HoHo36

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  46e81b1ad0ba98a1e21c7081ff1ad5b16c62b0e8799a4556b9c1b3ff8a084a25
- Size
  
  204KB
- MD5
  
  1f927acb36621ce42b0d7a1b74097ee0
- SHA1
  
  a364e1c5a9df6ae375f6103d74e042cce6879739
- SHA256
  
  46e81b1ad0ba98a1e21c7081ff1ad5b16c62b0e8799a4556b9c1b3ff8a084a25
- SHA512
  
  e0b075987a637f5adcf9af57665e09dedb340ddb703ce07ed0fac27dbec332b8398aaad806ff7bb428b253afe73877964165fbcb52fd17f395cedd830901683c
- SSDEEP
  
  3072:VALd32ZmpmOhTojqOayjUrQz2f7HbEH17rKQo3m73:VuhTojquEQ6f7HoHo36
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence