0349bc87fb98146dc8aa80a020640e838202454fba01f31203870d30b9ef7141 | Triage

Sharing

General

Target

0349bc87fb98146dc8aa80a020640e838202454fba01f31203870d30b9ef7141
Size

128KB
Sample

221124-afzr5ahf21
MD5

5c7b7a7c5e2d0dbb958f550a5e3ccad4
SHA1

ae8602380dff3c804f870ee1e4f37b9f4d1e9eb3
SHA256

0349bc87fb98146dc8aa80a020640e838202454fba01f31203870d30b9ef7141
SHA512

7ae4bfa9206092feee47a6857ee99ba0830b3a3d3850714291c80da1ebdfbd491e0aeebccb41f15eb4e957729f0b93f6b630efc07b220ab853c87db8f32e0f4f
SSDEEP

3072:ADyjSDvi4wqCXcsTlyrGn8Dq7E0zQL16Yirqn5zd3Zh3:utwqMpErGnWq7E0zQL3i2n5zdf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0349bc87fb98146dc8aa80a020640e838202454fba01f31203870d30b9ef7141
- Size
  
  128KB
- MD5
  
  5c7b7a7c5e2d0dbb958f550a5e3ccad4
- SHA1
  
  ae8602380dff3c804f870ee1e4f37b9f4d1e9eb3
- SHA256
  
  0349bc87fb98146dc8aa80a020640e838202454fba01f31203870d30b9ef7141
- SHA512
  
  7ae4bfa9206092feee47a6857ee99ba0830b3a3d3850714291c80da1ebdfbd491e0aeebccb41f15eb4e957729f0b93f6b630efc07b220ab853c87db8f32e0f4f
- SSDEEP
  
  3072:ADyjSDvi4wqCXcsTlyrGn8Dq7E0zQL16Yirqn5zd3Zh3:utwqMpErGnWq7E0zQL3i2n5zdf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence