4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0 | Triage

Sharing

General

Target

4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0
Size

260KB
Sample

221124-adthbshd8w
MD5

349815881bc9147ffc26843be2939ff0
SHA1

785f1230a94f7bb364fa713e402aeec31582a2ff
SHA256

4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0
SHA512

a111de01daa7e683f9042f46411bba9e255a7fefb3aa28e0c16aae5dd818621c537148d1ad384958d4879c600adc35457b79a4fc6f6139caefb75b276e3f1b81
SSDEEP

6144:V4HtUUp7WQn6mr1R4bKLnXejKloO6JU1J7QnpXZ7Ta9kzU2/pn:VkJp6Qn6mr1R4bKLnXaKaO6O1JAptH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0
- Size
  
  260KB
- MD5
  
  349815881bc9147ffc26843be2939ff0
- SHA1
  
  785f1230a94f7bb364fa713e402aeec31582a2ff
- SHA256
  
  4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0
- SHA512
  
  a111de01daa7e683f9042f46411bba9e255a7fefb3aa28e0c16aae5dd818621c537148d1ad384958d4879c600adc35457b79a4fc6f6139caefb75b276e3f1b81
- SSDEEP
  
  6144:V4HtUUp7WQn6mr1R4bKLnXejKloO6JU1J7QnpXZ7Ta9kzU2/pn:VkJp6Qn6mr1R4bKLnXaKaO6O1JAptH
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence